Hash your Keys before Signing: BUFF Security of the Additional NIST PQC Signatures

Thomas Aulbach; Samed Düzlü; Michael Meyer; Patrick Struck; Maximiliane Weishäupl

Paper 2024/591

Hash your Keys before Signing: BUFF Security of the Additional NIST PQC Signatures

Thomas Aulbach, University of Regensburg

Samed Düzlü

, University of Regensburg

Michael Meyer

, University of Regensburg

Patrick Struck

, University of Konstanz

Maximiliane Weishäupl, University of Regensburg

Abstract

In this work, we analyze the so-called Beyond UnForgeability Features (BUFF) security of the submissions to the current standardization process of additional signatures by NIST. The BUFF notions formalize security against maliciously generated keys and have various real-world use cases, where security can be guaranteed despite misuse potential on a protocol level. Consequently, NIST declared the security against the BUFF notions as desirable features. Despite NIST's interest, only out of schemes consider BUFF security at all, but none give a detailed analysis. We close this gap by analyzing the schemes based on codes, isogenies, lattices, and multivariate equations. The results vary from schemes that achieve neither notion (e.g., Wave) to schemes that achieve all notions (e.g., PROV). In particular, we dispute certain claims by SQUIRRELS and VOX regarding their BUFF security. Resulting from our analysis, we observe that three schemes (CROSS, HAWK and PROV) achieve BUFF security without having the hash of public key and message as part of the signature, as BUFF transformed schemes would have. HAWK and PROV essentially use the lighter PS-3 transform by Pornin and Stern (ACNS'05). We further point out whether this transform suffices for the other schemes to achieve the BUFF notions, with both positive and negative results.

Metadata

Available format(s): PDF
Category: Public-key cryptography
Publication info: Published elsewhere. Minor revision. PQCrypto 2024
Keywords: Signature Schemes BUFF Additional Security Properties
Contact author(s): thomas aulbach @ ur de
samed duzlu @ ur de
michael @ random-oracles org
patrick struck @ uni-konstanz de
maximiliane weishaeupl @ ur de
History: 2025-01-09: revised; 2024-04-16: received; See all versions
Short URL: https://ia.cr/2024/591
License: CC BY-NC

BibTeX

@misc{cryptoeprint:2024/591,
      author = {Thomas Aulbach and Samed Düzlü and Michael Meyer and Patrick Struck and Maximiliane Weishäupl},
      title = {Hash your Keys before Signing: {BUFF} Security of the Additional {NIST} {PQC} Signatures},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/591},
      year = {2024},
      url = {https://eprint.iacr.org/2024/591}
}