Paper 2024/353
FuLeakage: Breaking FuLeeca by Learning Attacks
Abstract
FuLeeca is a signature scheme submitted to the recent NIST call for additional signatures. It is an efficient hash-and-sign scheme based on quasi-cyclic codes in the Lee metric and resembles the lattice-based signature Falcon. FuLeeca proposes a so-called concentration step within the signing procedure to avoid leakage of secret-key information from the signatures. However, FuLeeca is still vulnerable to learning attacks, which were first observed for lattice-based schemes. We present three full key-recovery attacks by exploiting the proximity of the code-based FuLeeca scheme to lattice-based primitives. More precisely, we use a few signatures to extract an $n/2$-dimensional circulant sublattice from the given length-$n$ code, which still contains the exceptionally short secret-key vector. This significantly reduces the classical attack cost and, in addition, leads to a full key recovery in quantum-polynomial time. Furthermore, we exploit a bias in the concentration procedure to classically recover the full key for any security level with at most 175,000 signatures in less than an hour.
Metadata
- Category: Attacks and cryptanalysis
- Publication info: Published by the IACR in CRYPTO 2024
- DOI: 10.1007/978-3-031-68391-6_8
- Keywords: learning attack, FuLeeca, Lee metric, lattice reduction, quantum attack
- Contact author(s): felicitas hoermann @ dlr de; wessel van-woerden @ math u-bordeaux fr
- History: 2024-08-08: last of 2 revisions; 2024-02-27: received
- Short URL: https://ia.cr/2024/353
- License: CC BY
BibTeX
@misc{cryptoeprint:2024/353,
  author = {Felicitas Hörmann and Wessel van Woerden},
  title = {{FuLeakage}: Breaking {FuLeeca} by Learning Attacks},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/353},
  year = {2024},
  doi = {10.1007/978-3-031-68391-6_8},
  url = {https://eprint.iacr.org/2024/353}
}