WEKO3
アイテム
Chosen Message Attack on Multivariate Signature ELSA at Asiacrypt 2017
https://ipsj.ixsq.nii.ac.jp/records/199564
https://ipsj.ixsq.nii.ac.jp/records/1995645c079c3f-241d-4938-afa4-3794f4b3871c
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL6009005.pdf (289.4 kB)
|
Copyright (c) 2019 by the Information Processing Society of Japan
|
|
| オープンアクセス | ||
| Item type | Journal(1) | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2019-09-15 | |||||||||||
| タイトル | ||||||||||||
| タイトル | Chosen Message Attack on Multivariate Signature ELSA at Asiacrypt 2017 | |||||||||||
| タイトル | ||||||||||||
| 言語 | en | |||||||||||
| タイトル | Chosen Message Attack on Multivariate Signature ELSA at Asiacrypt 2017 | |||||||||||
| 言語 | ||||||||||||
| 言語 | eng | |||||||||||
| キーワード | ||||||||||||
| 主題Scheme | Other | |||||||||||
| 主題 | [特集:デジタルトランスフォーメーションを加速するコンピュータセキュリティ技術(推薦論文)] post-quantum cryptography, multivariate public-key cryptography, chosen message attack, Rainbow, ELSA | |||||||||||
| 資源タイプ | ||||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||
| 資源タイプ | journal article | |||||||||||
| 著者所属 | ||||||||||||
| Department of Mathematical Science, University of the Ryukyus | ||||||||||||
| 著者所属 | ||||||||||||
| Department of Mathematical Informatics, the University of Tokyo/Presently with Institute of Mathematics for Industry, Kyushu University | ||||||||||||
| 著者所属 | ||||||||||||
| Department of Mathematical Informatics, the University of Tokyo | ||||||||||||
| 著者所属(英) | ||||||||||||
| en | ||||||||||||
| Department of Mathematical Science, University of the Ryukyus | ||||||||||||
| 著者所属(英) | ||||||||||||
| en | ||||||||||||
| Department of Mathematical Informatics, the University of Tokyo / Presently with Institute of Mathematics for Industry, Kyushu University | ||||||||||||
| 著者所属(英) | ||||||||||||
| en | ||||||||||||
| Department of Mathematical Informatics, the University of Tokyo | ||||||||||||
| 著者名 |
Yasufumi, Hashimoto
× Yasufumi, Hashimoto
× Yasuhiko, Ikematsu
× Tsuyoshi, Takagi
|
|||||||||||
| 著者名(英) |
Yasufumi, Hashimoto
× Yasufumi, Hashimoto
× Yasuhiko, Ikematsu
× Tsuyoshi, Takagi
|
|||||||||||
| 論文抄録 | ||||||||||||
| 内容記述タイプ | Other | |||||||||||
| 内容記述 | One of the most efficient post-quantum signature schemes is Rainbow whose hardness is based on the multivariate quadratic polynomial (MQ) problem. ELSA, a new multivariate signature scheme proposed at Asiacrypt 2017, has a similar construction to Rainbow. Its advantages, compared to Rainbow, are its smaller secret key and faster signature generation. In addition, its existential unforgeability against an adaptive chosen-message attack has been proven under the hardness of the MQ-problem induced by a public key of ELSA with a specific parameter set in the random oracle model. The high efficiency of ELSA is derived from a set of hidden quadratic equations used in the process of signature generation. However, the hidden quadratic equations yield a vulnerability. In fact, a piece of information of these equations can be recovered by using valid signatures and an equivalent secret key can be partially recovered from it. In this paper, we describe how to recover an equivalent secret key of ELSA by a chosen message attack. Our experiments show that we can recover an equivalent secret key for the claimed 128-bit security parameter of ELSA on a standard PC in 177 seconds with 1,326 valid signatures. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.27(2019) (online) DOI http://dx.doi.org/10.2197/ipsjjip.27.517 ------------------------------ |
|||||||||||
| 論文抄録(英) | ||||||||||||
| 内容記述タイプ | Other | |||||||||||
| 内容記述 | One of the most efficient post-quantum signature schemes is Rainbow whose hardness is based on the multivariate quadratic polynomial (MQ) problem. ELSA, a new multivariate signature scheme proposed at Asiacrypt 2017, has a similar construction to Rainbow. Its advantages, compared to Rainbow, are its smaller secret key and faster signature generation. In addition, its existential unforgeability against an adaptive chosen-message attack has been proven under the hardness of the MQ-problem induced by a public key of ELSA with a specific parameter set in the random oracle model. The high efficiency of ELSA is derived from a set of hidden quadratic equations used in the process of signature generation. However, the hidden quadratic equations yield a vulnerability. In fact, a piece of information of these equations can be recovered by using valid signatures and an equivalent secret key can be partially recovered from it. In this paper, we describe how to recover an equivalent secret key of ELSA by a chosen message attack. Our experiments show that we can recover an equivalent secret key for the claimed 128-bit security parameter of ELSA on a standard PC in 177 seconds with 1,326 valid signatures. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.27(2019) (online) DOI http://dx.doi.org/10.2197/ipsjjip.27.517 ------------------------------ |
|||||||||||
| 書誌レコードID | ||||||||||||
| 収録物識別子タイプ | NCID | |||||||||||
| 収録物識別子 | AN00116647 | |||||||||||
| 書誌情報 |
情報処理学会論文誌 巻 60, 号 9, 発行日 2019-09-15 |
|||||||||||
| ISSN | ||||||||||||
| 収録物識別子タイプ | ISSN | |||||||||||
| 収録物識別子 | 1882-7764 | |||||||||||
