DOI: 10.1145/3634737.3645007
ASIA CCS conference proceedings, research article

SoK: CryptographicEstimators -- a Software Library for Cryptographic Hardness Estimation

Published: 01 July 2024

Abstract

Selecting parameters that offer the best possible performance while guaranteeing a well-defined level of security is one of the most challenging tasks in cryptographic system design. To ensure that the chosen parameters offer a given level of security, an estimate of the computational complexity of the underlying hard problem is required. To date, such estimates have often been produced in an ad-hoc manner, which has led to a scattered landscape of estimation scripts, with multiple scripts for the same problem producing differing outputs.
In this work we present the first open-source software library dedicated entirely to cryptographic hardness estimation, the CryptographicEstimators library. In contrast to most previous estimators, the library follows a modern object-oriented software architecture that provides a wide variety of features. The design is optimized to make it easy to extend existing estimators with new algorithms and to integrate entirely new estimators. We showcase the library's functionality by presenting estimates for selected candidates of the NIST PQC first-round digital signature standardization effort.
We further specify the algorithmic cost model underlying the estimators. We then survey the state of the art of concrete complexity estimation for six hardness assumptions, including the syndrome decoding problem, the multivariate quadratic problem, the code equivalence problem, the permuted kernel problem, and variants thereof. In the process we gathered and integrated estimators for all of these assumptions, providing a solid starting point for the project. Additionally, we normalized all estimates to fit the cost model and to count the same unit operations.
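To make the unit-operation problem concrete, the following is an added example and not code from the paper or from the CryptographicEstimators library. It estimates the cost of two classical information-set decoding attacks on a syndrome decoding instance (n, k, w): Prange's algorithm and a Stern/Dumer-style variant with list parameters (p, l). The cost model is an assumption of this example, not the paper's: one Gaussian elimination of the (n-k) x n parity-check matrix costs (n-k)^2 * n bit operations and one operation on a length-n vector costs n bit operations. The function and parameter names are this example's own, and the sample parameters in the demo (the Classic McEliece mceliece348864 code parameters) are used only as realistic-size input.

```python
"""Toy syndrome-decoding hardness estimator (added example, not the paper's library).

Instance: a random binary [n, k] code and the syndrome of an error of weight w.
Cost model (an assumption of this example, not the paper's cost model):
  - one Gaussian elimination of the (n-k) x n parity-check matrix costs
    (n - k)^2 * n bit operations,
  - one operation on a length-n vector (list build / match) costs n bit operations.
"""
from math import comb, inf, log2
from typing import Tuple


def gauss_bitops(n: int, k: int) -> int:
    """Bit operations for one Gaussian elimination (assumed model)."""
    return (n - k) ** 2 * n


def prange_cost(n: int, k: int, w: int, unit: str = "bitops") -> float:
    """Prange's ISD. A trial picks a random information set of size k and
    succeeds iff all w errors lie outside it, probability C(n-k, w) / C(n, w).
    `unit` selects what is counted, to show how the same attack yields very
    different numbers depending on the unit operation."""
    iterations = comb(n, w) / comb(n - k, w)
    if unit == "iterations":
        return iterations
    if unit == "bitops":
        return iterations * gauss_bitops(n, k)
    raise ValueError(f"unknown unit {unit!r}")


def dumer_cost(n: int, k: int, w: int, p: int, l: int, unit: str = "bitops") -> float:
    """Stern/Dumer ISD with parameters (p, l). The k+l 'information' coordinates
    are split into two halves that must each carry p/2 errors; the other w-p
    errors fall on the remaining n-k-l coordinates. Two lists of size
    L = C((k+l)/2, p/2) are built and matched on l syndrome bits, which costs
    2L + L^2 / 2^l vector operations per iteration."""
    if p % 2 or (k + l) % 2 or p > w or l > n - k:
        raise ValueError("need p even, k+l even, p <= w, l <= n-k")
    if w - p > n - k - l:
        return inf                      # the remaining errors cannot fit
    half = (k + l) // 2
    size = comb(half, p // 2)
    success = size * size * comb(n - k - l, w - p) / comb(n, w)
    if success == 0.0:
        return inf
    iterations = 1.0 / success
    if unit == "iterations":
        return iterations
    if unit == "bitops":
        list_ops = 2 * size + size * size / 2 ** l
        return iterations * (gauss_bitops(n, k) + n * list_ops)
    raise ValueError(f"unknown unit {unit!r}")


def optimize_dumer(n: int, k: int, w: int, unit: str = "bitops") -> Tuple[float, int, int]:
    """Brute-force the (p, l) minimising the Dumer cost; returns (cost, p, l)."""
    best = (inf, 0, 0)
    for p in range(0, w + 1, 2):
        for l in range(0, n - k + 1):
            if (k + l) % 2:
                continue
            c = dumer_cost(n, k, w, p, l, unit)
            if c < best[0]:
                best = (c, p, l)
    return best


def security_bits(n: int, k: int, w: int) -> float:
    """log2 of the cheapest attack in this model (Prange vs. optimised Dumer)."""
    return log2(min(prange_cost(n, k, w), optimize_dumer(n, k, w)[0]))


def meets_level(n: int, k: int, w: int, target_bits: float) -> bool:
    """Parameter-selection check: does the instance reach the target bit security?"""
    return security_bits(n, k, w) >= target_bits


if __name__ == "__main__":
    # Sample input: the Classic McEliece mceliece348864 code parameters (n, k, w),
    # used here only as a realistic-size instance.
    n, k, w = 3488, 2720, 64
    for unit in ("iterations", "bitops"):
        pr = log2(prange_cost(n, k, w, unit))
        du, p, l = optimize_dumer(n, k, w, unit)
        print(f"{unit:10s} Prange 2^{pr:.1f}   Dumer(p={p}, l={l}) 2^{log2(du):.1f}")
    print("meets 128 bits in this model:", meets_level(n, k, w, 128))
```

Running the demo shows the point the abstract makes: the Prange estimate in "iterations" and in "bit operations" differ by the log2 of the per-iteration cost, and the optimal (p, l) of the Dumer variant also shifts with the unit, so two scripts counting different units will disagree on both the bit-security figure and the best attack parameters unless they are normalized to one cost model.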



      Published In

      ASIA CCS '24: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security
      July 2024
      1987 pages
      ISBN:9798400704826
      DOI:10.1145/3634737
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. computational hardness
      2. parameter selection
      3. hardness assumptions
      4. open source software
      5. estimators

      Acceptance Rates

      Overall Acceptance Rate 418 of 2,322 submissions, 18%

      Cited By

      • PERK: compact signature scheme based on a new variant of the permuted kernel problem. Designs, Codes and Cryptography 92(8), 2131-2157 (2024). DOI: 10.1007/s10623-024-01381-2 (online 27 Mar 2024)
      • One Tree to Rule Them All: Optimizing GGM Trees and OWFs for Post-Quantum Signatures. Advances in Cryptology – ASIACRYPT 2024, 463-493. DOI: 10.1007/978-981-96-0875-1_15 (online 10 Dec 2024)
      • Not Just Regular Decoding: Asymptotics and Improvements of Regular Syndrome Decoding Attacks. Advances in Cryptology – CRYPTO 2024, 183-217. DOI: 10.1007/978-3-031-68391-6_6 (online 17 Aug 2024)
      • CryptAttackTester: high-assurance attack analysis. Advances in Cryptology – CRYPTO 2024, 141-182. DOI: 10.1007/978-3-031-68391-6_5 (online 17 Aug 2024)
      • Polynomial-Time Key-Recovery Attack on the NIST Specification of PROV. Progress in Cryptology – AFRICACRYPT 2024, 222-235. DOI: 10.1007/978-3-031-64381-1_10 (online 3 Jul 2024)