论文信息 - Cryptanalysis of LowMC instances using single plaintext/ciphertext pair

Cryptanalysis of LowMC instances using single plaintext/ciphertext pair

Arguably one of the main applications of the LowMC family ciphers is in the post-quantum signature scheme PICNIC. Although LowMC family ciphers have been studied from a cryptanalytic point of view before, none of these studies were directly concerned with the actual use case of this cipher in PICNIC signature scheme. Due to the design paradigm of PICNIC, an adversary trying to perform a forgery attack on the signature scheme instantiated with LowMC would have access to only a single given plaintext/ciphertext pair, i.e. an adversary would only be able to perform attacks with data complexity 1 in a known-plaintext attack scenario. This restriction makes it impossible to employ classical cryptanalysis methodologies such as differential and linear cryptanalysis. In this paper we introduce two key-recovery attacks, both in known-plaintext model and of data complexity 1 for two variants of LowMC, both instances of the LowMC cryptanalysis challenge.

Serge Vaudenay | F. Betül Durak | Subhadeep Banik | Khashayar Barooti

[1] Gaëtan Leurent,et al. Low-Memory Attacks Against Two-Round Even-Mansour Using the 3-XOR Problem , 2019, CRYPTO.

[2] Takanori Isobe,et al. Cryptanalysis of Full LowMC and LowMC-M with Algebraic Techniques , 2020, IACR Cryptol. ePrint Arch..

[3] Daniel Slamanig,et al. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives , 2017, CCS.

[4] Pierre-Alain Fouque,et al. Revisiting and Improving Algorithms for the 3XOR Problem , 2018, IACR Trans. Symmetric Cryptol..

[5] Yu Sasaki,et al. Refinements of the k-tree Algorithm for the Generalized Birthday Problem , 2015, ASIACRYPT.

[6] Mridul Nandi,et al. Revisiting Security Claims of XLS and COPA , 2015, IACR Cryptol. ePrint Arch..

[7] David A. Wagner,et al. A Generalized Birthday Problem , 2002, CRYPTO.

[8] Martin R. Albrecht,et al. Ciphers for MPC and FHE , 2015, IACR Cryptol. ePrint Arch..

[9] Florian Mendel,et al. Higher-Order Cryptanalysis of LowMC , 2015, ICISC.

[10] Christian Rechberger,et al. Cryptanalysis of Low-Data Instances of Full LowMCv2 , 2018, IACR Cryptol. ePrint Arch..

[11] Antoine Joux,et al. Algorithmic Cryptanalysis , 2009 .