A Security Analysis of Restricted Syndrome Decoding Problems
Gespeichert in:
| Titel: | A Security Analysis of Restricted Syndrome Decoding Problems |
|---|---|
| Autoren: | Ward Beullens, Pierre Briaud, Morten Øygarden |
| Quelle: | IACR Communications in Cryptology, Volume 1, Issue 3 ; 3006-5496 |
| Verlagsinformationen: | International Association for Cryptologic Research |
| Publikationsjahr: | 2024 |
| Beschreibung: | Restricted syndrome decoding problems (R-SDP and R-SDP($G$)) provide an interesting basis for post-quantum cryptography. Indeed, they feature in CROSS, a submission in the ongoing process for standardizing post-quantum signatures. This work improves our understanding of the security of both problems. Firstly, we propose and implement a novel collision attack on R-SDP($G$) that provides the best attack under realistic restrictions on memory. Secondly, we derive precise complexity estimates for algebraic attacks on R-SDP that are shown to be accurate by our experiments. We note that neither of these improvements threatens the updated parameters of CROSS. |
| Publikationsart: | article in journal/newspaper |
| Sprache: | English |
| Relation: | https://cic.iacr.org/p/1/3/33 |
| DOI: | 10.62056/a06cy7qiu |
| Verfügbarkeit: | https://cic.iacr.org/p/1/3/33 https://doi.org/10.62056/a06cy7qiu |
| Rights: | https://creativecommons.org/licenses/by/4.0/ ; Copyright held by authors |
| Dokumentencode: | edsbas.B0985FE8 |
| Datenbank: | BASE |
Nájsť tento článok vo Web of Science | Abstract: | Restricted syndrome decoding problems (R-SDP and R-SDP($G$)) provide an interesting basis for post-quantum cryptography. Indeed, they feature in CROSS, a submission in the ongoing process for standardizing post-quantum signatures. This work improves our understanding of the security of both problems. Firstly, we propose and implement a novel collision attack on R-SDP($G$) that provides the best attack under realistic restrictions on memory. Secondly, we derive precise complexity estimates for algebraic attacks on R-SDP that are shown to be accurate by our experiments. We note that neither of these improvements threatens the updated parameters of CROSS. |
|---|---|
| DOI: | 10.62056/a06cy7qiu |