An Attack on Some Signature Schemes Constructed From Five-Pass Identification Schemes

Daniel Kales; Greg Zaverucha

doi:10.1007/978-3-030-65411-5_1

An Attack on Some Signature Schemes Constructed From Five-Pass Identification Schemes

Daniel Kales, Greg Zaverucha

Institute of Applied Information Processing and Communications (7050)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

We present a generic forgery attack on signature schemes constructed from 5-round identification schemes made non-interactive with the Fiat-Shamir transform. The attack applies to ID schemes that use parallel repetition to decrease the soundness error. The attack can be mitigated by increasing the number of parallel repetitions, and our analysis of the attack facilitates parameter selection. We apply the attack to MQDSS, a post-quantum signature scheme relying on the hardness of the MQ-problem. Concretely, forging a signature for the L1 instance of MQDSS, which should provide 128 bits of security, can be done in ≈ 2 ⁹⁵ operations. We verify the validity of the attack by implementing it for round-reduced versions of MQDSS, and the designers have revised their parameter choices accordingly. We also survey other post-quantum signature algorithms and find the attack succeeds against PKP-DSS (a signature scheme based on the hardness of the permuted kernel problem) and list other schemes that may be affected. Finally, we use our analysis to choose parameters and investigate the performance of a 5-round variant of the Picnic scheme.

Original language	English
Title of host publication	Cryptology and Network Security - 19th International Conference, CANS 2020, Vienna, Austria, December 14–16, 2020, Proceedings
Subtitle of host publication	19th International Conference, CANS 2020, Vienna, Austria, December 14–16, 2020, Proceedings
Editors	Stephan Krenn, Haya Shulman, Serge Vaudenay
Publisher	Springer
Pages	3-22
Number of pages	20
ISBN (Electronic)	978-3-030-65411-5
ISBN (Print)	9783030654108
DOIs	https://doi.org/10.1007/978-3-030-65411-5_1
Publication status	Published - 14 Dec 2020
Event	19th International Conference on Cryptology And Network Security - Virtuell, Austria Duration: 14 Dec 2020 → 16 Dec 2020 https://cans2020.at/

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12579 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	19th International Conference on Cryptology And Network Security
Abbreviated title	CANS 2020
Country/Territory	Austria
City	Virtuell
Period	14/12/20 → 16/12/20
Internet address	https://cans2020.at/

Keywords

signatures
post-quantum cryptography
Fiat-Shamir heuristic
Post-quantum cryptography
MQDSS
Fiat-Shamir transform
Public-key signatures
Security analysis

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-030-65411-5_1

https://eprint.iacr.org/2020/837.pdf

Cite this

Kales, D., & Zaverucha, G. (2020). An Attack on Some Signature Schemes Constructed From Five-Pass Identification Schemes. In S. Krenn, H. Shulman, & S. Vaudenay (Eds.), Cryptology and Network Security - 19th International Conference, CANS 2020, Vienna, Austria, December 14–16, 2020, Proceedings: 19th International Conference, CANS 2020, Vienna, Austria, December 14–16, 2020, Proceedings (pp. 3-22). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12579 LNCS). Springer. https://doi.org/10.1007/978-3-030-65411-5_1

An Attack on Some Signature Schemes Constructed From Five-Pass Identification Schemes. / Kales, Daniel; Zaverucha, Greg.
Cryptology and Network Security - 19th International Conference, CANS 2020, Vienna, Austria, December 14–16, 2020, Proceedings: 19th International Conference, CANS 2020, Vienna, Austria, December 14–16, 2020, Proceedings. ed. / Stephan Krenn; Haya Shulman; Serge Vaudenay. Springer, 2020. p. 3-22 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12579 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Kales, D & Zaverucha, G 2020, An Attack on Some Signature Schemes Constructed From Five-Pass Identification Schemes. in S Krenn, H Shulman & S Vaudenay (eds), Cryptology and Network Security - 19th International Conference, CANS 2020, Vienna, Austria, December 14–16, 2020, Proceedings: 19th International Conference, CANS 2020, Vienna, Austria, December 14–16, 2020, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12579 LNCS, Springer, pp. 3-22, 19th International Conference on Cryptology And Network Security, Virtuell, Austria, 14/12/20. https://doi.org/10.1007/978-3-030-65411-5_1

Kales D, Zaverucha G. An Attack on Some Signature Schemes Constructed From Five-Pass Identification Schemes. In Krenn S, Shulman H, Vaudenay S, editors, Cryptology and Network Security - 19th International Conference, CANS 2020, Vienna, Austria, December 14–16, 2020, Proceedings: 19th International Conference, CANS 2020, Vienna, Austria, December 14–16, 2020, Proceedings. Springer. 2020. p. 3-22. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-65411-5_1

Kales, Daniel ; Zaverucha, Greg. / An Attack on Some Signature Schemes Constructed From Five-Pass Identification Schemes. Cryptology and Network Security - 19th International Conference, CANS 2020, Vienna, Austria, December 14–16, 2020, Proceedings: 19th International Conference, CANS 2020, Vienna, Austria, December 14–16, 2020, Proceedings. editor / Stephan Krenn ; Haya Shulman ; Serge Vaudenay. Springer, 2020. pp. 3-22 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{4aaa54700e014ef09bdd1f111ea82e2f,

title = "An Attack on Some Signature Schemes Constructed From Five-Pass Identification Schemes",

abstract = "We present a generic forgery attack on signature schemes constructed from 5-round identification schemes made non-interactive with the Fiat-Shamir transform. The attack applies to ID schemes that use parallel repetition to decrease the soundness error. The attack can be mitigated by increasing the number of parallel repetitions, and our analysis of the attack facilitates parameter selection. We apply the attack to MQDSS, a post-quantum signature scheme relying on the hardness of the MQ-problem. Concretely, forging a signature for the L1 instance of MQDSS, which should provide 128 bits of security, can be done in ≈ 2 95 operations. We verify the validity of the attack by implementing it for round-reduced versions of MQDSS, and the designers have revised their parameter choices accordingly. We also survey other post-quantum signature algorithms and find the attack succeeds against PKP-DSS (a signature scheme based on the hardness of the permuted kernel problem) and list other schemes that may be affected. Finally, we use our analysis to choose parameters and investigate the performance of a 5-round variant of the Picnic scheme. ",

keywords = "signatures, post-quantum cryptography, Fiat-Shamir heuristic, Post-quantum cryptography, MQDSS, Fiat-Shamir transform, Public-key signatures, Security analysis",

author = "Daniel Kales and Greg Zaverucha",

year = "2020",

month = dec,

day = "14",

doi = "10.1007/978-3-030-65411-5_1",

language = "English",

isbn = "9783030654108",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "3--22",

editor = "Stephan Krenn and Haya Shulman and Serge Vaudenay",

booktitle = "Cryptology and Network Security - 19th International Conference, CANS 2020, Vienna, Austria, December 14–16, 2020, Proceedings",

note = "19th International Conference on Cryptology And Network Security, CANS 2020 ; Conference date: 14-12-2020 Through 16-12-2020",

url = "https://cans2020.at/",

}

TY - GEN

T1 - An Attack on Some Signature Schemes Constructed From Five-Pass Identification Schemes

AU - Kales, Daniel

AU - Zaverucha, Greg

PY - 2020/12/14

Y1 - 2020/12/14

N2 - We present a generic forgery attack on signature schemes constructed from 5-round identification schemes made non-interactive with the Fiat-Shamir transform. The attack applies to ID schemes that use parallel repetition to decrease the soundness error. The attack can be mitigated by increasing the number of parallel repetitions, and our analysis of the attack facilitates parameter selection. We apply the attack to MQDSS, a post-quantum signature scheme relying on the hardness of the MQ-problem. Concretely, forging a signature for the L1 instance of MQDSS, which should provide 128 bits of security, can be done in ≈ 2 95 operations. We verify the validity of the attack by implementing it for round-reduced versions of MQDSS, and the designers have revised their parameter choices accordingly. We also survey other post-quantum signature algorithms and find the attack succeeds against PKP-DSS (a signature scheme based on the hardness of the permuted kernel problem) and list other schemes that may be affected. Finally, we use our analysis to choose parameters and investigate the performance of a 5-round variant of the Picnic scheme.

AB - We present a generic forgery attack on signature schemes constructed from 5-round identification schemes made non-interactive with the Fiat-Shamir transform. The attack applies to ID schemes that use parallel repetition to decrease the soundness error. The attack can be mitigated by increasing the number of parallel repetitions, and our analysis of the attack facilitates parameter selection. We apply the attack to MQDSS, a post-quantum signature scheme relying on the hardness of the MQ-problem. Concretely, forging a signature for the L1 instance of MQDSS, which should provide 128 bits of security, can be done in ≈ 2 95 operations. We verify the validity of the attack by implementing it for round-reduced versions of MQDSS, and the designers have revised their parameter choices accordingly. We also survey other post-quantum signature algorithms and find the attack succeeds against PKP-DSS (a signature scheme based on the hardness of the permuted kernel problem) and list other schemes that may be affected. Finally, we use our analysis to choose parameters and investigate the performance of a 5-round variant of the Picnic scheme.

KW - signatures

KW - post-quantum cryptography

KW - Fiat-Shamir heuristic

KW - Post-quantum cryptography

KW - MQDSS

KW - Fiat-Shamir transform

KW - Public-key signatures

KW - Security analysis

UR - http://www.scopus.com/inward/record.url?scp=85098235477&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-65411-5_1

DO - 10.1007/978-3-030-65411-5_1

M3 - Conference paper

SN - 9783030654108

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 3

EP - 22

BT - Cryptology and Network Security - 19th International Conference, CANS 2020, Vienna, Austria, December 14–16, 2020, Proceedings

A2 - Krenn, Stephan

A2 - Shulman, Haya

A2 - Vaudenay, Serge

PB - Springer

T2 - 19th International Conference on Cryptology And Network Security

Y2 - 14 December 2020 through 16 December 2020

ER -

An Attack on Some Signature Schemes Constructed From Five-Pass Identification Schemes

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

EU - KRAKEN - Brokerage and market platform for personal data

Cite this

An Attack on Some Signature Schemes Constructed From Five-Pass Identification Schemes

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Projects

EU - KRAKEN - Brokerage and market platform for personal data

Cite this