Cryptanalysis of a One-Time Code-Based Digital Signature Scheme

We consider a one-time digital signature scheme recently proposed by Persichetti and show that a successful key recovery attack can be mounted with limited complexity. The attack we propose exploits a single signature intercepted by the attacker, and relies on a statistical analysis of that signature, followed by information set decoding. We assess the attack complexity and show that a full recovery of the secret key can be performed with a work factor that is far below the claimed security level. The efficiency of the attack stems from the sparsity of the signature, which leads to a significant information leakage about the secret key.
