Paper 2024/096

Revisiting the security analysis of SNOVA

Yasuhiko Ikematsu, Kyushu University
Rika Akiyama, NTT Social Informatics Laboratories
Abstract

SNOVA is a multivariate signature scheme submitted to the ad- ditional NIST PQC standardization project started in 2022. SNOVA is con- structed by incorporating the structure of the matrix ring over a finite field into the UOV signature scheme, and the core part of its public key is the UOV public key whose coefficients consist of matrices. As a result, SNOVA dramatically reduces the public key size compared to UOV. In this paper, we recall the construction of SNOVA, and reconsider its security analysis. In particular, we investigate key recovery attacks applied to the core part of the public key of SNOVA in detail. Due to our analysis, we show that some pa- rameters of SNOVA submitted in the additional NIST PQC standardization do not satisfy the claimed security levels.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
PQCMPKCUOVSNOVA
Contact author(s)
ikematsu @ imi kyushu-u ac jp
rika akiyama @ ntt com
History
2024-01-22: approved
2024-01-22: received
See all versions
Short URL
https://ia.cr/2024/096
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/096,
      author = {Yasuhiko Ikematsu and Rika Akiyama},
      title = {Revisiting the security analysis of SNOVA},
      howpublished = {Cryptology ePrint Archive, Paper 2024/096},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/096}},
      url = {https://eprint.iacr.org/2024/096}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.