You are looking at a specific version 20200731:202605 of this paper.

Paper 2020/945

On the (in)security of ROS

Fabrice Benhamouda and Tancrède Lepoint and Michele Orrù and Mariana Raykova

Abstract

We present an algorithm solving the ROS (Random inhomogeneities in an Overdetermined Solvable system of linear equations) problem in polynomial time for large enough dimensions $\ell$. The algorithm implies polynomial-time attacks against blind signatures such as Schnorr and Okamoto-Schnorr blind signatures, threshold signatures such as the one from GJKR (when concurrent executions are allowed), and multisignatures such as CoSI and the two-round version of MuSig.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
ROS, Blind Schnorr, Cryptanalysis
Contact author(s)
fabrice benhamouda @ gmail com, tancrede @ google com, marianar @ google com, michele orru @ ens fr
History
2024-02-01: last of 5 revisions
2020-07-31: received
Short URL
https://ia.cr/2020/945
License
Creative Commons Attribution
CC BY