A Security Analysis of Restricted Syndrome Decoding Problems
| Title: | A Security Analysis of Restricted Syndrome Decoding Problems |
|---|---|
| Authors: | Ward Beullens, Pierre Briaud, Morten Øygarden |
| Source: | IACR Communications in Cryptology, Volume 1, Issue 3; ISSN 3006-5496 |
| Publisher information: | International Association for Cryptologic Research |
| Year of publication: | 2024 |
| Abstract: | Restricted syndrome decoding problems (R-SDP and R-SDP($G$)) provide an interesting basis for post-quantum cryptography. Indeed, they feature in CROSS, a submission in the ongoing process for standardizing post-quantum signatures. This work improves our understanding of the security of both problems. Firstly, we propose and implement a novel collision attack on R-SDP($G$) that provides the best attack under realistic restrictions on memory. Secondly, we derive precise complexity estimates for algebraic attacks on R-SDP that are shown to be accurate by our experiments. We note that neither of these improvements threatens the updated parameters of CROSS. |
| Document type: | article in journal/newspaper |
| Language: | English |
| Relation: | https://cic.iacr.org/p/1/3/33 |
| DOI: | 10.62056/a06cy7qiu |
| Availability: | https://cic.iacr.org/p/1/3/33 https://doi.org/10.62056/a06cy7qiu |
| Rights: | https://creativecommons.org/licenses/by/4.0/ ; Copyright held by authors |
| Accession number: | edsbas.B0985FE8 |
| Database: | BASE |