Abstract
In this paper we describe attacks on the UOV-based signature scheme called MQ-Sign. MQ-Sign was submitted by Shim, Kim, and An as a first-round candidate for standardization in the (South) Korean post-quantum cryptography competition (KpqC). The scheme makes use of the sparseness of the secret central polynomials and of an equivalent-key construction to reduce the size of the private key. The authors propose four variants exploiting different levels of sparsity, MQ-Sign-SS, MQ-Sign-RS, MQ-Sign-SR, and MQ-Sign-RR, with the last one being the standard UOV signature scheme.
We show that, apart from the MQ-Sign-RR variant, all the others are insecure. Namely, we present a polynomial-time key-recovery attack on the variants MQ-Sign-SS and MQ-Sign-RS and a forgery attack on the variant MQ-Sign-SR with complexity below the claimed security level. Our attack exploits exactly the techniques used for key-size reduction: the sparsity of the central polynomials in combination with the specific structure of the secret linear map \(\textbf{S}\).
We provide a verification script for the polynomial-time key-recovery attack that recovers the secret key in less than seven seconds for security level V. Furthermore, we provide an implementation of the non-guessing part of the forgery attack, confirming our complexity estimates.
Notes
1. Here, and in the following, the submatrix indices are omitted where there is no ambiguity.
2. This was suggested by the authors of MQ-Sign as a countermeasure when the attack in Sect. 3 was first announced.
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
Aulbach, T., Samardjiska, S., Trimoska, M. (2024). Practical Key-Recovery Attack on MQ-Sign and More. In: Saarinen, MJ., Smith-Tone, D. (eds) Post-Quantum Cryptography. PQCrypto 2024. Lecture Notes in Computer Science, vol 14772. Springer, Cham. https://doi.org/10.1007/978-3-031-62746-0_8
DOI: https://doi.org/10.1007/978-3-031-62746-0_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-62745-3
Online ISBN: 978-3-031-62746-0