Paper 2024/096
Revisiting the security analysis of SNOVA
Abstract
SNOVA is a multivariate signature scheme submitted to the ad- ditional NIST PQC standardization project started in 2022. SNOVA is con- structed by incorporating the structure of the matrix ring over a finite field into the UOV signature scheme, and the core part of its public key is the UOV public key whose coefficients consist of matrices. As a result, SNOVA dramatically reduces the public key size compared to UOV. In this paper, we recall the construction of SNOVA, and reconsider its security analysis. In particular, we investigate key recovery attacks applied to the core part of the public key of SNOVA in detail. Due to our analysis, we show that some pa- rameters of SNOVA submitted in the additional NIST PQC standardization do not satisfy the claimed security levels.
Metadata
- Available format(s)
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- PQCMPKCUOVSNOVA
- Contact author(s)
-
ikematsu @ imi kyushu-u ac jp
rika akiyama @ ntt com - History
- 2024-01-22: approved
- 2024-01-22: received
- See all versions
- Short URL
- https://ia.cr/2024/096
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/096, author = {Yasuhiko Ikematsu and Rika Akiyama}, title = {Revisiting the security analysis of {SNOVA}}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/096}, year = {2024}, url = {https://eprint.iacr.org/2024/096} }