Cryptanalysis of a code-based signature scheme without trapdoors

eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.

You are looking at a specific version 20210210:073206 of this paper. See the latest version.

Paper 2021/134

Cryptanalysis of a code-based signature scheme without trapdoors

Marco Baldi and Jean-Christophe Deneuville and Edoardo Persichetti and Paolo Santini

Abstract

In this work, we consider a recent application of coding theory in the context of post-quantum digital signature schemes, and their cryptanalysis. We indeed implement an attack on the recent attempt by Li, Xing and Yeo to produce a code-based signature scheme using the Schnorr-Lyubashevsky approach in the Hamming metric. Differently from other (unsuccessful) proposals, this new scheme exploits rejection sampling along with dense noise vectors to hide the secret key structure in produced signatures. We show that these measures, besides yielding very slow signing times and rather long signatures, do not succeed in protecting the secret key. We are indeed able to prove the existence of a strong correlation between produced signatures, which ultimately leaks information about the secret key. To support this claim, we use both theoretical arguments and numerical evidences. Finally, we employ such a weakness to mount a full key recovery attack, which is able to recover the secret key after the observation of a bunch of signatures.

Metadata

Available format(s): PDF
Category: Public-key cryptography
Publication info: Preprint. MINOR revision.
Keywords: Code-based cryptography Cryptanalysis Digital signature Zero-knowledge identification scheme
Contact author(s): jean-christophe deneuville @ enac fr
History: 2021-07-08: last of 2 revisions; 2021-02-10: received; See all versions
Short URL: https://ia.cr/2021/134
License: CC BY