Paper 2024/1517
A Note on the SNOVA Security
Abstract
SNOVA is one of the submissions in the NIST Round 1 Additional Signature of the Post-Quantum Signature Competition. SNOVA is a UOV variant that uses the noncommutative-ring technique to educe the size of the public key. SNOVA's public key size and signature size are well-balanced and have good performance. Recently, Beullens proposed a forgery attack against SNOVA, pointing out that the parameters of SNOVA can be attacked. Beullens also argued that with some slight adjustments his attacks can be prevented. In this note, we explain Beullens' forgery attack and show that the attack can be invalid by two different approaches. Finally, we show that these two approaches do not increase the sizes of the public keys or signatures and the current parameters satisfy the security requirement of NIST.
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- PQCMQSNOVA
- Contact author(s)
-
lcwang @ gms ndhu edu tw
choucy @ gms ndhu edu tw
ylkuan @ gms ndhu edu tw
info @ vacuas nl
briantseng0320 @ gmail com - History
- 2024-09-30: revised
- 2024-09-26: received
- See all versions
- Short URL
- https://ia.cr/2024/1517
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/1517,
author = {Lih-Chung Wang and Chun-Yen Chou and Jintai Ding and Yen-Liang Kuan and Jan Adriaan Leegwater and Ming-Siou Li and Bo-Shu Tseng and Po-En Tseng and Chia-Chun Wang},
title = {A Note on the {SNOVA} Security},
howpublished = {Cryptology {ePrint} Archive, Paper 2024/1517},
year = {2024},
url = {https://eprint.iacr.org/2024/1517}
}
