Paper 2024/110

Cryptanalysis of the SNOVA signature scheme

Peigen Li, Beijing Institute of Mathematical Sciences and Applications, Yau Mathematical Sciences Center, Tsinghua University
Jintai Ding, Beijing Institute of Mathematical Sciences and Applications, Yau Mathematical Sciences Center, Tsinghua University
Abstract

SNOVA is a variant of a UOV-type signature scheme over a noncommutative ring. In this article, we demonstrate that certain parameters provided by authors in SNOVA fail to meet the NIST security level, and the complexities are lower than those claimed by SNOVA.

Note: There are some adjustments to the complexity (Table 1) of the new version and the original version.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published elsewhere. Minor revision. PQCrypto2024
DOI
10.1007/978-3-031-62746-0_4
Keywords
MPKCs;UOV;SNOVA
Contact author(s)
lpg22 @ bimsa cn
jintai ding @ gmail com
History
2024-07-24: revised
2024-01-25: received
See all versions
Short URL
https://ia.cr/2024/110
License
Creative Commons Attribution-NonCommercial-ShareAlike
CC BY-NC-SA

BibTeX

@misc{cryptoeprint:2024/110,
      author = {Peigen Li and Jintai Ding},
      title = {Cryptanalysis of the {SNOVA} signature scheme},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/110},
      year = {2024},
      doi = {10.1007/978-3-031-62746-0_4},
      url = {https://eprint.iacr.org/2024/110}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.