Efficient signature schemes based on polynomial equations
Proceedings of CRYPTO 84 on Advances in cryptology
Analysis of a public key approach based on polynomial substitution
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Public quadratic polynomial-tuples for efficient signature-verification and message-encryption
Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Efficient signature schemes based on birational permutations
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer
SIAM Journal on Computing
The MAGMA algebra system I: the user language
Journal of Symbolic Computation - Special issue on computational algebra and number theory: proceedings of the first MAGMA conference
Cryptoanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'88
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
An efficient signature scheme based on quadratic equations
STOC '84 Proceedings of the sixteenth annual ACM symposium on Theory of computing
Cryptanalysis of SFLASH with Slightly Modified Parameters
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Practical cryptanalysis of SFLASH
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Key recovery on hidden monomial multivariate schemes
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Equivalent keys in HFE, c*, and variations
Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
Efficient implementations of MQPKS on constrained devices
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
| Hi-index | 0.00 |
In this paper we present a new practical key-recovery attack on the SFLASH signature scheme. SFLASH is a derivative of the older C* encryption and signature scheme that was broken in 1995 by Patarin. In SFLASH, the public key is truncated, and this simple countermeasure prevents Patarin's attack. The scheme is well-known for having been considered secure and selected in 2004 by the NESSIE project of the European Union to be standardized. However, SFLASH was practically broken in 2007 by Dubois, Fouque, Stern and Shamir. Their attack breaks the original (and most relevant) parameters, but does not apply when more than half of the public key is truncated. It is therefore possible to choose parameters such that SFLASH is not broken by the existing attacks, although it is less efficient. We show a key-recovery attack that breaks the full range of parameters in practice, as soon as the information-theoretically required amount of information is available from the public-key. The attack uses new cryptanalytic tools, most notably pencils of matrices and quadratic forms.