Two attacks on rank metric code-based schemes: RankSign and an
Identity-Based-Encryption scheme
release_bypwdkfv5zhizgigg7lir574fq
by
Thomas Debris-Alazard, Jean-Pierre Tillich
2018
Abstract
RankSign [GRSZ14a] is a code-based signature scheme proposed to the NIST
competition for quantum-safe cryptography [AGHRZ17] and, moreover, is a
fundamental building block of a new Identity-Based-Encryption (IBE) [GHPT17a].
This signature scheme is based on the rank metric and enjoys remarkably small
key sizes, about 10KBytes for an intended level of security of 128 bits.
Unfortunately we will show that all the parameters proposed for this scheme in
[AGHRZ17] can be broken by an algebraic attack that exploits the fact that the
augmented LRPC codes used in this scheme have very low weight codewords.
Therefore, without RankSign the IBE cannot be instantiated at this time. As a
second contribution we will show that the problem is deeper than finding a new
signature in rank-based cryptography, we also found an attack on the generic
problem upon which its security reduction relies. However, contrarily to the
RankSign scheme, it seems that the parameters of the IBE scheme could be chosen
in order to avoid our attack. Finally, we have also shown that if one replaces
the rank metric in the [GHPT17a] IBE scheme by the Hamming metric, then a
devastating attack can be found.
In text/plain
format
Archived Files and Locations
application/pdf 447.2 kB
file_khc34r2bk5dntlpgdie7ih4hde
|
arxiv.org (repository) web.archive.org (webarchive) |
1804.02556v2
access all versions, variants, and formats of this works (eg, pre-prints)