Paper 2024/1770

Improved Attacks for SNOVA by Exploiting Stability under a Group Action

Daniel Cabarcas, Universidad Nacional de Colombia
Peigen Li, Beijing Institute of Mathematical Sciences and Applications
Javier Verbel, Technology Innovation Institute
Ricardo Villanueva-Polanco, Technology Innovation Institute
Abstract

SNOVA is a post-quantum digital signature scheme based on multivariate polynomials. It is a second-round candidate in an ongoing NIST standardization process for post-quantum signatures, where it stands out for its efficiency and compactness. Since its initial submission, there have been several improvements to its security analysis, both on key recovery and forgery attacks. All these works reduce to solving a structured system of quadratic polynomials, which we refer to as a SNOVA system. In this work, we propose a polynomial solving algorithm tailored for SNOVA systems, which exploits the *stability* of the system under the action of a commutative group of matrices. This new algorithm reduces the complexity of solving SNOVA systems compared to generic ones. We show how to adapt the *reconciliation* and *direct* attacks in order to profit from the new algorithm. Consequently, we improve the reconciliation attack for all SNOVA parameter sets with speedup factors ranging between and . We also show how to use similar ideas to carry out a forgery attack. In this case, we use experimental results to estimate its complexity, and we discuss its impact. The empirical evidence suggests that our attack is more efficient than previous attacks, and it takes some SNOVA parameter sets below NIST's security threshold.

Note: (17/02/2025) Enhanced writing, refined the experimental report, and use of Gröbner bases in the forgery attack.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Cryptanalysis, SNOVA, stable ideals, post-quantum, multivariate
Contact author(s)
dcabarc @ unal edu co
lpg22 @ bimsa cn
javier verbel @ tii ae
ricardo polando @ tii ae
History
2025-02-17: revised
2024-10-30: received
Short URL
https://ia.cr/2024/1770
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1770,
      author = {Daniel Cabarcas and Peigen Li and Javier Verbel and Ricardo Villanueva-Polanco},
      title = {Improved Attacks for {SNOVA} by Exploiting Stability under a Group Action},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1770},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1770}
}