Public quadratic polynomial-tuples for efficient signature-verification and message-encryption
Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Efficient signature schemes based on birational permutations
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
FLASH, a Fast Multivariate Signature Algorithm
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Cryptoanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'88
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
C*-+ and HM: Variations Around Two Schemes of T. Matsumoto and H. Imai
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
NTRUSign: digital signatures using the NTRU lattice
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
Building secure tame-like multivariate public-key cryptosystems: the new TTS
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Differential cryptanalysis for multivariate schemes
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Remarks on the Attack of Fouque et al. against the l IC Scheme
IWSEC '08 Proceedings of the 3rd International Workshop on Security: Advances in Information and Computer Security
Public-key identification schemes based on multivariate quadratic polynomials
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Properties of the discrete differential with cryptographic applications
PQCrypto'10 Proceedings of the Third international conference on Post-Quantum Cryptography
Practical key-recovery for all possible parameters of SFLASH
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Feasibility of position-based multivariate cryptosystems for WSN
International Journal of Internet Technology and Secured Transactions
Public-Key cryptography from new multivariate quadratic assumptions
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
A new public key signature scheme based on multivariate polynomials
WISM'12 Proceedings of the 2012 international conference on Web Information Systems and Mining
| Hi-index | 0.00 |
SFLASH is a signature scheme which belongs to a family of multivariate schemes proposed by Patarin et al.in 1998 [9]. The SFLASH scheme itself has been designed in 2001 [8] and has been selected in 2003 by the NESSIE European Consortium [6] as the best known solution for implementation on low cost smart cards. In this paper, we show that slight modifications of the parameters of SFLASH within the general family initially proposed renders the scheme insecure. The attack uses simple linear algebra, and allows to forge a signature for an arbitrary message in a question of minutes for practical parameters, using only the public key. Although SFLASH itself is not amenable to our attack, it is worrying to observe that no rationale was ever offered for this "lucky" choice of parameters.