We consider a one-time digital signature scheme recently proposed by Persichetti and show that a successful key recovery attack can be mounted with limited complexity. The attack we propose exploits a single signature intercepted by the attacker, and relies on a statistical analysis performed over such a signature, followed by information set decoding. We assess the attack complexity and show that a full recovery of the secret key can be performed with a work factor that is far below the claimed security level. The efficiency of the attack is motivated by the sparsity of the signature, which leads to a significant information leakage about the secret key.
Cryptanalysis of a One-Time Code-Based Digital Signature Scheme / Santini, Paolo; Baldi, Marco; Chiaraluce, Franco. - ELETTRONICO. - (2019), pp. 2594-2598. (Intervento presentato al convegno 2019 IEEE International Symposium on Information Theory tenutosi a Paris, France nel 7-12 July 2019) [10.1109/ISIT.2019.8849244].
Cryptanalysis of a One-Time Code-Based Digital Signature Scheme
Paolo Santini
;Marco Baldi;Franco Chiaraluce
2019-01-01
Abstract
We consider a one-time digital signature scheme recently proposed by Persichetti and show that a successful key recovery attack can be mounted with limited complexity. The attack we propose exploits a single signature intercepted by the attacker, and relies on a statistical analysis performed over such a signature, followed by information set decoding. We assess the attack complexity and show that a full recovery of the secret key can be performed with a work factor that is far below the claimed security level. The efficiency of the attack is motivated by the sparsity of the signature, which leads to a significant information leakage about the secret key.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.