Item type |
Symposium(1) |
Publication date |
2021-10-19 |
Title |
A New Fault Attack on UOV Multivariate Signature Scheme |
Title language |
en |
Language |
eng |
Keywords |
Subject scheme |
Other |
Subject |
post-quantum cryptography, multivariate cryptography, UOV, fault attack |
Resource type identifier |
http://purl.org/coar/resource_type/c_5794 |
Resource type |
conference paper |
Author affiliations |
The University of Tokyo (東京大学) |
NTT Social Informatics Laboratories (NTT社会情報研究所) |
The University of Tokyo (東京大学) |
The University of Tokyo (東京大学) |
Author names |
古江, 弘樹
清村, 優太郎
長澤, 達也
高木, 剛 |
Author names (English) |
Hiroki, Furue
Yutaro, Kiyomura
Tatsuya, Nagasawa
Tsuyoshi, Takagi |
Abstract |
Description type |
Other |
Description |
The unbalanced oil and vinegar signature scheme (UOV), which is one of the multivariate signature schemes, is expected to be secure against quantum attacks. In this paper, we propose a new fault attack on UOV using, for the first time, faults caused on a central map. In the proposed attack, the linear map T of the secret key is partially recovered using signatures generated from a faulty secret key. Furthermore, we propose a new algebraic method for executing a known attack with a smaller complexity by using the partially recovered information of T. For a parameter set UOV (16,60,39) satisfying 100-bit security, our simulation shows that the proposed attack recovers the secret key with a smaller complexity than the claimed security level with approximately 90% probability. |
Bibliographic information |
Proceedings of the Computer Security Symposium 2021 (コンピュータセキュリティシンポジウム2021論文集)
p. 841-846,
Issue date 2021-10-19 |
Publisher |
Information Processing Society of Japan (情報処理学会) |
Publisher name language |
ja |