| Item type |
Symposium(1) |
| 公開日 |
2024-10-15 |
| タイトル |
|
|
言語 |
en |
|
タイトル |
Lifting approach against the SNOVA scheme |
| タイトル |
|
|
言語 |
en |
|
タイトル |
Lifting approach against the SNOVA scheme |
| 言語 |
|
|
言語 |
eng |
| キーワード |
|
|
主題Scheme |
Other |
|
主題 |
Post-Quantum Cryptography, Multivariate Cryptography, UOV, SNOVA, Key Recovery Attack |
| 資源タイプ |
|
|
資源タイプ識別子 |
http://purl.org/coar/resource_type/c_5794 |
|
資源タイプ |
conference paper |
| 著者所属 |
|
|
|
茨城大学 工学部 |
| 著者所属 |
|
|
|
茨城大学 工学部 |
| 著者所属 |
|
|
|
日本電信電話株式会社 社会情報研究所 |
| 著者所属(英) |
|
|
|
en |
|
|
Department of Computer and Information Sciences, Ibaraki University |
| 著者所属(英) |
|
|
|
en |
|
|
Department of Computer and Information Sciences, Ibaraki University |
| 著者所属(英) |
|
|
|
en |
|
|
NTT Social Informatics Laboratories |
| 著者名 |
中村, 周平
谷, 優輔
古江, 弘樹
|
| 著者名(英) |
Shuhei, Nakamura
Yusuke, Tani
Hiroki, Furue
|
| 論文抄録 |
|
|
内容記述タイプ |
Other |
|
内容記述 |
In 2022, Wang et al. proposed the multivariate signature scheme SNOVA as a UOV variant over the non-commutative ring of ℓ× ℓ matrices over Fq. This scheme has small public key and signature size and is a first round candidate of NIST PQC additional digital signature project. Recently, Ikematsu and Akiyama, and Li and Ding show that the core matrices of SNOVA with v vinegar-variables and o oil-variables are regarded as the representation matrices of UOV with ℓv vinegar-variables and ℓo oil-variables over Fq, and thus we can apply existing key recovery attacks as a plain UOV. In this paper, we propose a method that reduces SNOVA to smaller UOV with v vinegar-variables and o oil-variables over Fqℓ . As a result, we show that the previous first round parameter sets at ℓ = 2 do not meet the NIST PQC security levels. We also confirm that the present parameter sets are secure from existing key recovery attacks with our approach. |
| 論文抄録(英) |
|
|
内容記述タイプ |
Other |
|
内容記述 |
In 2022, Wang et al. proposed the multivariate signature scheme SNOVA as a UOV variant over the non-commutative ring of ℓ× ℓ matrices over Fq. This scheme has small public key and signature size and is a first round candidate of NIST PQC additional digital signature project. Recently, Ikematsu and Akiyama, and Li and Ding show that the core matrices of SNOVA with v vinegar-variables and o oil-variables are regarded as the representation matrices of UOV with ℓv vinegar-variables and ℓo oil-variables over Fq, and thus we can apply existing key recovery attacks as a plain UOV. In this paper, we propose a method that reduces SNOVA to smaller UOV with v vinegar-variables and o oil-variables over Fqℓ . As a result, we show that the previous first round parameter sets at ℓ = 2 do not meet the NIST PQC security levels. We also confirm that the present parameter sets are secure from existing key recovery attacks with our approach. |
| 書誌情報 |
コンピュータセキュリティシンポジウム2024論文集
p. 1362-1368,
発行日 2024-10-15
|
| 出版者 |
|
|
言語 |
ja |
|
出版者 |
情報処理学会 |
IPSJ-CSS2024182.pdf (221.8 kB)
