Don’t Use it Twice! Solving Relaxed Linear Equivalence Problems

  • Conference paper
  • First Online:
Advances in Cryptology – ASIACRYPT 2024 (ASIACRYPT 2024)

Abstract

The Linear Code Equivalence (LCE) Problem has received increased attention in recent years due to its applicability in constructing efficient digital signatures. Notably, the LESS signature scheme based on LCE is under consideration for the NIST post-quantum standardization process, along with the MEDS signature scheme that relies on an extension of LCE to the rank metric, namely the Matrix Code Equivalence (MCE) Problem. Building upon these developments, a family of signatures with additional properties, including linkable ring, group, and threshold signatures, has been proposed. These novel constructions introduce relaxed versions of LCE (and MCE), wherein multiple samples share the same secret equivalence. Despite their significance, these variations have often lacked a thorough security analysis, being assumed to be as challenging as their original counterparts. Addressing this gap, our work delves into the sample complexity of LCE and MCE—precisely, the sufficient number of samples required for efficient recovery of the shared secret equivalence. Our findings reveal, for instance, that one should not use the same secret twice in the LCE setting since this enables a polynomial time (and memory) algorithm to retrieve the secret. Consequently, our results unveil the insecurity of two advanced signatures based on variants of the LCE Problem.
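The sample-complexity question raised in the abstract (how many samples sharing one secret equivalence are enough to pin it down) can be made concrete with a small experiment. The Python below is an added illustration, not code from the paper or from its relaxed-lce-algorithms repository [13], and it does not implement the paper's algorithm: it only sets up the naive linearisation that any attack on a relaxed instance starts from. Assumptions: codes are over the prime field F_101, a sample is a pair (G, G') with G' = S G Q for a random invertible S and a monomial Q shared by all samples, and the unknown is an n×n matrix X constrained by G_i X H_i'^T = 0, where H_i' is a parity-check matrix of the code generated by G_i'. Each sample contributes k(n−k) linearly independent equations (its coefficient rows are G_i ⊗ H_i'), the shared Q satisfies all of them, and the function records how the solution space shrinks as samples with the same secret accumulate. Parameter values and function names are the example's own.

```python
"""Added experiment: how the linear solution space shrinks when several LCE
samples share the same monomial secret Q.  Naive linearisation over a small
prime field for illustration only; not the paper's algorithm.  All
parameters below are assumptions of this example."""
import random

P = 101  # assumed prime modulus; all codes live over F_P


def inv(a):
    return pow(a, P - 2, P)


def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) % P for col in zip(*B)] for row in A]


def rref(M):
    """Reduced row echelon form over F_P; returns (nonzero rows, pivot columns)."""
    M = [row[:] for row in M]
    rows, cols = len(M), (len(M[0]) if M else 0)
    pivots, r = [], 0
    for c in range(cols):
        piv = next((i for i in range(r, rows) if M[i][c]), None)
        if piv is None:
            continue
        M[r], M[piv] = M[piv], M[r]
        iv = inv(M[r][c])
        M[r] = [(x * iv) % P for x in M[r]]
        for i in range(rows):
            if i != r and M[i][c]:
                f = M[i][c]
                M[i] = [(x - f * y) % P for x, y in zip(M[i], M[r])]
        pivots.append(c)
        r += 1
        if r == rows:
            break
    return M[:r], pivots


def nullspace(M, ncols):
    """Basis of {v : M v = 0} over F_P (M given as a list of rows)."""
    R, piv = rref(M)
    basis = []
    for f in (c for c in range(ncols) if c not in piv):
        v = [0] * ncols
        v[f] = 1
        for row, pc in zip(R, piv):
            v[pc] = (-row[f]) % P
        basis.append(v)
    return basis


def random_full_rank(rows, cols, rng):
    while True:
        M = [[rng.randrange(P) for _ in range(cols)] for _ in range(rows)]
        if len(rref(M)[0]) == rows:
            return M


def random_monomial(n, rng):
    """Q in Mono_n(F_P): exactly one nonzero entry per row and per column."""
    perm = list(range(n))
    rng.shuffle(perm)
    Q = [[0] * n for _ in range(n)]
    for i, j in enumerate(perm):
        Q[i][j] = rng.randrange(1, P)
    return Q


def lce_sample(n, k, Q, rng):
    """One LCE sample (G, G') with G' = S G Q; S hides the basis of the image code."""
    G = random_full_rank(k, n, rng)
    S = random_full_rank(k, k, rng)
    return G, matmul(S, matmul(G, Q))


def equations(G, Gp, n):
    """Rows of the system G X H'^T = 0 in the n*n unknowns X[a][b]; H' is a
    parity-check matrix of G'.  Coefficient of X[a][b] in equation (r, s) is
    G[r][a] * H'[s][b], i.e. the rows are the Kronecker product G (x) H'."""
    Hp = nullspace(Gp, n)
    return [[(g[a] * h[b]) % P for a in range(n) for b in range(n)]
            for g in G for h in Hp]


def shrinking_solution_space(n, k, n_samples, seed=1):
    """Accumulate samples sharing one secret Q; return (dims, secret_ok, recovered):
    dims       - solution-space dimension after each added sample,
    secret_ok  - Q satisfies every equation (true by construction),
    recovered  - the final space is one-dimensional and spanned by Q."""
    rng = random.Random(seed)
    Q = random_monomial(n, rng)
    qvec = [Q[a][b] for a in range(n) for b in range(n)]
    A, dims = [], []
    for _ in range(n_samples):
        G, Gp = lce_sample(n, k, Q, rng)
        A += equations(G, Gp, n)
        dims.append(len(nullspace(A, n * n)))
    secret_ok = all(sum(c * x for c, x in zip(row, qvec)) % P == 0 for row in A)
    basis = nullspace(A, n * n)
    recovered = False
    if len(basis) == 1:
        b = basis[0]
        i = next(i for i, x in enumerate(qvec) if x)  # align the unknown scalar
        s = (b[i] * inv(qvec[i])) % P
        recovered = all((s * x) % P == y for x, y in zip(qvec, b))
    return dims, secret_ok, recovered


if __name__ == "__main__":
    dims, ok, rec = shrinking_solution_space(n=8, k=4, n_samples=5, seed=7)
    print("solution-space dimension after each sample:", dims)
    print("secret in every space:", ok, "| recovered from final space:", rec)
```

After the first sample the dimension is exactly n² − k(n−k), because the coefficient rows G ⊗ H' are independent whenever G and H' have full rank; later samples can only lower it, and since Q is never eliminated the dimension never drops below one. When it reaches one, the single basis vector is Q up to a scalar and `recovered` is True. This equation count is the crude baseline; the paper's contribution is that, for LCE, the structure of the shared secret lets two samples suffice in polynomial time, which this naive system alone does not show.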


Notes

  1. The authors in [7] gave a more general problem definition in terms of group actions, namely the 2-Group Action Inverse Problem (2-GAIP). Here, by \(2\text {-}\textsf{LCE}\) we refer to the 2-GAIP from [7] instantiated with \({\textsf{LCE}}\).

  2. For example, in the case of the well-known Strassen’s algorithm, which is regarded as the best algorithm in practice for multiplying large matrices, one can set \(\omega = \log _2(7)\).

  3. If the matrix \(\boldsymbol{A} \in \mathbb {F}_q^{r\times s}\) is rectangular, we set \(n = \max \{r,s\}\) in the complexity.

  4. In the case of \({\textsf{LCE}}\) we restrict \({\boldsymbol{Q}} \) to be in \({\textsf{Mono}}_n(\mathbb {F}_q)\), while for \({\textsf{MCE}}\) we assume that \(n = mr\) and \(\boldsymbol{Q} = {\boldsymbol{A}}^\top \otimes \boldsymbol{B}\) for some \({\boldsymbol{A}} \in {\textsf{GL}}_m(\mathbb {F}_q)\) and \({\boldsymbol{B}} \in {\textsf{GL}}_r(\mathbb {F}_q)\).

  5. In [33, page 62], the author says “This might have high complexity depending on the size of the solution set.” We interpret this as requiring an exhaustive search.

  6. The authors published an updated version of their protocol that does not rely on \(2\text {-}\textsf{LCE}\) as a preprint after our attack was made public [6].

References

  1. Alamati, N., De Feo, L., Montgomery, H., Patranabis, S.: Cryptographic group actions and applications. In: Moriai and Wang [26], pp. 411–439. https://doi.org/10.1007/978-3-030-64834-3_14

  2. Baldi, M., Beckwith, A.B.L., Biasse, J.F., Esser, A., Gaj, K., Mohajerani, K., Pelosi, G., Persichetti, E., Saarinen, M.J.O., Santini, P., Wallace, R.: LESS (version 1.1). Tech. rep., National Institute of Standards and Technology (2023), https://www.less-project.com/

  3. Bardet, M., Otmani, A., Saeed-Taha, M.: Permutation Code Equivalence is Not Harder Than Graph Isomorphism When Hulls Are Trivial. In: 2019 IEEE International Symposium on Information Theory (ISIT). pp. 2464–2468 (2019). https://doi.org/10.1109/ISIT.2019.8849855

  4. Barenghi, A., Biasse, J., Ngo, T., Persichetti, E., Santini, P.: Advanced signature functionalities from the code equivalence problem. International Journal of Computer Mathematics: Computer Systems Theory 7(2), 112–128 (2022). https://doi.org/10.1080/23799927.2022.2048206

  5. Barenghi, A., Biasse, J.F., Persichetti, E., Santini, P.: On the computational hardness of the code equivalence problem in cryptography. Advances in Mathematics of Communications 17(1), 23–55 (2023). https://doi.org/10.3934/amc.2022064

  6. Battagliola, M., Borin, G., Meneghetti, A., Persichetti, E.: Cutting the GRASS: Threshold GRoup Action Signature Schemes. Cryptology ePrint Archive, Paper 2023/859 (2023), https://eprint.iacr.org/2023/859

  7. Battagliola, M., Borin, G., Meneghetti, A., Persichetti, E.: Cutting the grass: Threshold group action signature schemes. In: Oswald, E. (ed.) Topics in Cryptology – CT-RSA 2024. pp. 460–489. Springer Nature Switzerland, Cham (2024), https://doi.org/10.1007/978-3-031-58868-6_18

  8. Benčina, B., Budroni, A., Chi-Domínguez, J.J., Kulkarni, M.: Properties of Lattice Isomorphism as a Cryptographic Group Action. In: International Conference on Post-Quantum Cryptography. pp. 170–201. Springer (2024). https://doi.org/10.1007/978-3-031-62743-9_6

  9. Beullens, W.: Not enough LESS: An improved algorithm for solving code equivalence problems over \(\mathbb{F}_q\). In: International Conference on Selected Areas in Cryptography. pp. 387–403. Springer (2020). https://doi.org/10.1007/978-3-030-81652-0_15

  10. Beullens, W., Katsumata, S., Pintore, F.: Calamari and Falafl: Logarithmic (linkable) ring signatures from isogenies and lattices. In: Moriai and Wang [26], pp. 464–492. https://doi.org/10.1007/978-3-030-64834-3_16

  11. Biasse, J.F., Micheli, G., Persichetti, E., Santini, P.: LESS is more: Code-based signatures without syndromes. In: Nitaj, A., Youssef, A.M. (eds.) AFRICACRYPT 20. LNCS, vol. 12174, pp. 45–65. Springer, Heidelberg (Jul 2020). https://doi.org/10.1007/978-3-030-51938-4_3

  12. Bos, J.W., Bronchain, O., Ducas, L., Fehr, S., Huang, Y.H., Pornin, T., Postlethwaite, E.W., Prest, T., Pulles, L.N., van Woerden, W.: Hawk version 1.0 (June 1, 2023). Tech. rep., National Institute of Standards and Technology (2023), https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/round-1/spec-files/hawk-spec-web.pdf

  13. Budroni, A., Chi-Domínguez, J.J., D’Alconzo, G., Di Scala, A.J., Kulkarni, M.: relaxed-lce-algorithms, available at https://github.com/JJChiDguez/relaxed-lce-algorithms.git

  14. Chavez-Saab, J., Santos, M.C.R., Feo, L.D., Eriksen, J.K., Hess, B., Kohel, D., Leroux, A., Longa, P., Meyer, M., Panny, L., Patranabis, S., Petit, C., Henríquez, F.R., Schaeffler, S., Wesolowski, B.: SQIsign version 1.0 (June 1, 2023). Tech. rep., National Institute of Standards and Technology (2023), https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/round-1/spec-files/sqisign-spec-web.pdf

  15. Chou, T., Niederhagen, R., Persichetti, E., Ran, L., Hajatiana, T., Reijnders, K., Samardjiska, S., Trimoska, M.: MEDS (version 1.1). Tech. rep., National Institute of Standards and Technology (2023), https://www.meds-pqc.org/

  16. Chou, T., Niederhagen, R., Persichetti, E., Randrianarisoa, T.H., Reijnders, K., Samardjiska, S., Trimoska, M.: Take your MEDS: digital signatures from matrix code equivalence. In: Mrabet, N.E., Feo, L.D., Duquesne, S. (eds.) Progress in Cryptology - AFRICACRYPT 2023 - 14th International Conference on Cryptology in Africa, Sousse, Tunisia, July 19-21, 2023, Proceedings. Lecture Notes in Computer Science, vol. 14064, pp. 28–52. Springer (2023). https://doi.org/10.1007/978-3-031-37679-5_2

  17. Chou, T., Persichetti, E., Santini, P.: On Linear Equivalence, Canonical Forms, and Digital Signatures. Cryptology ePrint Archive, Paper 2023/1533 (2023), https://eprint.iacr.org/2023/1533

  18. Couveignes, J.M.: Hard homogeneous spaces. Cryptology ePrint Archive, Report 2006/291 (2006), https://eprint.iacr.org/2006/291

  19. D’Alconzo, G., Di Scala, A.J.: Representations of group actions and their applications in cryptography. Finite Fields and Their Applications 99, 102476 (2024). https://doi.org/10.1016/j.ffa.2024.102476

  20. Gaborit, P., Otmani, A.: Tables of self-dual codes, available at https://www.unilim.fr/pages_perso/philippe.gaborit/SD/

  21. Gaborit, P., Otmani, A.: Experimental constructions of self-dual codes. Finite Fields and Their Applications 9(3), 372–394 (2003). https://doi.org/10.1016/S1071-5797(03)00011-X

  22. Joux, A.: MPC in the head for isomorphisms and group actions. Cryptology ePrint Archive, Paper 2023/664 (2023), https://eprint.iacr.org/2023/664

  23. Kazmi, R.A.: Cryptography from post-quantum assumptions. Cryptology ePrint Archive, Report 2015/376 (2015), https://eprint.iacr.org/2015/376

  24. Leon, J.: Computing automorphism groups of error-correcting codes. IEEE Transactions on Information Theory 28(3), 496–511 (1982). https://doi.org/10.1109/TIT.1982.1056498

  25. Leroux, A., Roméas, M.: Updatable encryption from group actions. In: International Conference on Post-Quantum Cryptography. pp. 20–53. Springer (2024), https://doi.org/10.1007/978-3-031-62746-0_2

  26. Moriai, S., Wang, H. (eds.): ASIACRYPT 2020, Part II, LNCS, vol. 12492. Springer, Heidelberg (Dec 2020)

  27. National Institute of Standards and Technology: Post-Quantum Cryptography Standardization. https://csrc.nist.gov/projects/post-quantum-cryptography (2017)

  28. National Institute of Standards and Technology: Post-quantum cryptography: Digital signature schemes. Round 1 Additional Signatures (2023), https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures

  29. Persichetti, E., Randrianarisoa, T.H., Santini, P.: An attack on a non-interactive key exchange from code equivalence. Tatra Mountains Mathematical Publications 82(2), 53–64 (2023). https://doi.org/10.2478/tmmp-2022-0018

  30. Persichetti, E., Santini, P.: A New Formulation of the Linear Equivalence Problem and Shorter LESS Signatures. In: Guo, J., Steinfeld, R. (eds.) Advances in Cryptology – ASIACRYPT 2023. pp. 351–378. Springer Nature Singapore, Singapore (2023), https://doi.org/10.1007/978-981-99-8739-9_12

  31. Petrank, E., Roth, R.M.: Is code equivalence easy to decide? IEEE Transactions on Information Theory 43(5), 1602–1604 (1997). https://doi.org/10.1109/18.623157

  32. Reijnders, K., Samardjiska, S., Trimoska, M.: Hardness Estimates of the Code Equivalence Problem in the Rank Metric. Designs, Codes and Cryptography (2024). https://doi.org/10.1007/s10623-023-01338-x

  33. Saeed, M.A.: Algebraic Approach for Code Equivalence. Ph.D. thesis, Normandie Université, University of Khartoum (2017), available at https://theses.hal.science/tel-01678829v2

  34. Santini, P., Baldi, M., Chiaraluce, F.: Computational hardness of the permuted kernel and subcode equivalence problems. IEEE Transactions on Information Theory 70(3), 2254–2270 (2024). https://doi.org/10.1109/TIT.2023.3323068

  35. Sendrier, N.: On the dimension of the hull. SIAM Journal on Discrete Mathematics 10(2), 282–293 (1997). https://doi.org/10.1137/S0895480195294027

  36. Sendrier, N.: Finding the permutation between equivalent linear codes: the support splitting algorithm. IEEE Transactions on Information Theory 46(4), 1193–1203 (2000). https://doi.org/10.1109/18.850662

  37. Sendrier, N., Simos, D.E.: The hardness of code equivalence over \(\mathbb{F}_{q}\) and its application to code-based cryptography. In: Gaborit, P. (ed.) Post-Quantum Cryptography - 5th International Workshop, PQCrypto 2013. pp. 203–216. Springer, Heidelberg (Jun 2013). https://doi.org/10.1007/978-3-642-38616-9_14

  38. The Sage Developers: SageMath, the Sage Mathematics Software System (Version 9.8) (2023), https://www.sagemath.org

Acknowledgments

Giuseppe D’Alconzo and Antonio J. Di Scala are members of GNSAGA of INdAM and of CrypTO, the group of Cryptography and Number Theory of the Politecnico di Torino.

The work of Antonio J. Di Scala was partially supported by the QUBIP project (https://www.qubip.eu), funded by the European Union under the Horizon Europe framework programme [grant agreement no. 101119746].

This work was partially supported by project SERICS (PE00000014) under the MUR National Recovery and Resilience Plan funded by the European Union - NextGenerationEU.

We would also like to thank Andrea Natale and Ricardo Pontaza for their insights and discussions, which helped us improve the analysis of our techniques. Finally, we thank the anonymous reviewers of a previous version of this manuscript who provided us with helpful comments and recommendations.

Author information

Corresponding author: Alessandro Budroni.

Copyright information

© 2025 International Association for Cryptologic Research

About this paper

Cite this paper

Budroni, A., Chi-Domínguez, JJ., D’Alconzo, G., Di Scala, A.J., Kulkarni, M. (2025). Don’t Use it Twice! Solving Relaxed Linear Equivalence Problems. In: Chung, KM., Sasaki, Y. (eds) Advances in Cryptology – ASIACRYPT 2024. ASIACRYPT 2024. Lecture Notes in Computer Science, vol 15491. Springer, Singapore. https://doi.org/10.1007/978-981-96-0944-4_2

Download citation

  • DOI: https://doi.org/10.1007/978-981-96-0944-4_2

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-96-0943-7

  • Online ISBN: 978-981-96-0944-4
