
Analysis of the Security of the PSSI Problem and Cryptanalysis of the Durandal Signature Scheme

  • Conference paper
  • Advances in Cryptology – CRYPTO 2023 (CRYPTO 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14083)

Abstract

We present a new attack against the PSSI problem, one of the three problems at the root of security of Durandal, an efficient rank metric code-based signature scheme with a public key size of 15 kB and a signature size of 4 kB, presented at EUROCRYPT’19. Our attack recovers the private key using a leakage of information coming from several signatures produced with the same key. Our approach is to combine pairs of signatures and perform Cramer-like formulas in order to build subspaces containing a secret element. We break all existing parameters of Durandal: the two published sets of parameters claiming a security of 128 bits are broken in respectively \(2^{66}\) and \(2^{73}\) elementary bit operations, and the number of signatures required to finalize the attack is 1,792 and 4,096 respectively. We implemented our attack and ran experiments that demonstrated its success with smaller parameters.


Notes

  1. In the original Durandal paper, the first components of the samples are vectors \(\boldsymbol{z}_i\) of length n and support \(Z_i\), but this has been proven equivalent to the version defined in this paper (see the beginning of Sect. 4.1 in [5]).

References

  1. Aguilar-Melchor, C., Aragon, N., Dyseryn, V., Gaborit, P., Zémor, G.: LRPC codes with multiple syndromes: near ideal-size KEMs without ideals. In: Cheon, J.H., Johansson, T. (eds.) Post-Quantum Cryptography, PQCrypto 2022. LNCS, vol. 13512. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-17234-2_3

  2. Aguilar-Melchor, C., Blazy, O., Deneuville, J.-C., Gaborit, P., Zémor, G.: Efficient encryption from random quasi-cyclic codes. IEEE Trans. Inf. Theor. 64(5), 3927–3943 (2018)


  3. Aragon, N., et al.: The rank-based cryptography library. In: Wachter-Zeh, A., Bartz, H., Liva, G. (eds.) Code-Based Cryptography, CBCrypto 2021. LNCS, vol. 13150. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-98365-9_2

  4. Aragon, N., et al.: ROLLO (merger of Rank-Ouroboros, LAKE and LOCKER). Second round submission to the NIST post-quantum cryptography call, March 2019


  5. Aragon, N., Blazy, O., Gaborit, P., Hauteville, A., Zémor, G.: Durandal: a rank metric based signature scheme. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 728–758. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_25


  6. Aragon, N., Gaborit, P., Hauteville, A., Ruatta, O., Zémor, G.: Low rank parity check codes: new decoding algorithms and applications to cryptography. IEEE Trans. Inf. Theor. 65(12), 7697–7717 (2019)


  7. Aumasson, J.-P., et al.: SPHINCS+. Submission to the 3rd round of the NIST post-quantum project (v3.1), June 2022


  8. Ducas, L., et al.: CRYSTALS-Dilithium. Algorithm Specifications and Supporting Documentation (Version 3.1), February 2021


  9. Feneuil, T.: Building MPCitH-based signatures from MQ, MinRank, Rank SD and PKP. Cryptology ePrint Archive (2022)


  10. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12


  11. Fouque, P.-A., et al.: Falcon: fast-Fourier lattice-based compact signatures over NTRU. Algorithm Specifications and Supporting Documentation (Version 1.2), October 2020


  12. Gaborit, P., Hauteville, A., Phan, D.H., Tillich, J.-P.: Identity-based encryption from codes with rank metric. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 194–224. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_7


  13. Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738–755. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_43



Corresponding author

Correspondence to Nicolas Aragon .


Copyright information

© 2023 International Association for Cryptologic Research


Cite this paper

Aragon, N., Dyseryn, V., Gaborit, P. (2023). Analysis of the Security of the PSSI Problem and Cryptanalysis of the Durandal Signature Scheme. In: Handschuh, H., Lysyanskaya, A. (eds) Advances in Cryptology – CRYPTO 2023. CRYPTO 2023. Lecture Notes in Computer Science, vol 14083. Springer, Cham. https://doi.org/10.1007/978-3-031-38548-3_5


  • DOI: https://doi.org/10.1007/978-3-031-38548-3_5


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-38547-6

  • Online ISBN: 978-3-031-38548-3
