[Resource Topic] 2024/1261: A Key-Recovery Attack on a Leaky Seasign Variant

Welcome to the resource topic for 2024/1261

Title:
A Key-Recovery Attack on a Leaky Seasign Variant

Authors: Shai Levin

Abstract:

We present a key-recovery attack on a variant of the Seasign signature scheme presented by [Kim24], which attempts to avoid rejection sampling by presampling vectors \mathbf{f} such that \mathbf{f}-\mathbf{e} is contained in an acceptable bound, where \mathbf{e} is the secret key. We show that this choice leads to a bias of these vectors such that, in a small number of signatures, the secret key can either be completely recovered or its keyspace substantially reduced. In particular, on average, given 20 signatures, with parameter set II of their paper, the attack reduces the private key to 128 possibilities.
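The leak the abstract describes can be seen in a toy simulation. The following is an added illustration, not code from the paper or from [Kim24], and it models only what the abstract states: a SeaSign-style signer whose masking vectors \mathbf{f} are presampled so that \mathbf{f}-\mathbf{e} always lies in the response box, next to a signer that uses genuine rejection sampling. All parameters (N, B, DELTA, T), the treatment of challenge bits as random, and the omission of commitments are constructed assumptions for the example, far smaller than any real instantiation. With presampling, every bit-0 response f satisfies f_i in [e_i - DELTA*B, e_i + DELTA*B], so each observation narrows an interval around e_i; with rejection sampling the revealed f are independent of the key and that inference does not apply.

```python
"""Toy model of key leakage from presampled masking vectors (constructed example)."""
import random
from math import prod

# Toy parameters (constructed; not the paper's parameter sets).
N = 8        # vector dimension
B = 1        # secret key e is sampled from [-B, B]^N
DELTA = 5    # responses f - e must lie in [-DELTA*B, DELTA*B]^N
T = 8        # parallel sigma-protocol instances per signature, one challenge bit each
BOX = DELTA * B


def keygen(rng):
    return [rng.randint(-B, B) for _ in range(N)]


def presample_f_leaky(rng, e):
    # Leaky variant (as described in the abstract): choose f so that f - e is
    # already inside the response box. The range of f is centred on e.
    return [rng.randint(e_i - BOX, e_i + BOX) for e_i in e]


def sample_f_wide(rng):
    # Standard masking: f uniform in [-(DELTA+1)B, (DELTA+1)B]^N, independent of e.
    return [rng.randint(-(DELTA + 1) * B, (DELTA + 1) * B) for _ in range(N)]


def responses(f_list, bits, e):
    # Challenge bit 0 reveals f itself; bit 1 reveals z = f - e.
    return [f if b == 0 else [fi - ei for fi, ei in zip(f, e)]
            for f, b in zip(f_list, bits)]


def sign_leaky(rng, e):
    bits = [rng.randint(0, 1) for _ in range(T)]   # stand-in for the hashed challenge
    f_list = [presample_f_leaky(rng, e) for _ in range(T)]
    return list(zip(bits, responses(f_list, bits, e)))


def sign_rejection(rng, e):
    # Hardened form: resample the whole signature until every bit-1 response is in the box.
    while True:
        bits = [rng.randint(0, 1) for _ in range(T)]
        f_list = [sample_f_wide(rng) for _ in range(T)]
        resp = responses(f_list, bits, e)
        if all(abs(x) <= BOX for b, z in zip(bits, resp) if b == 1 for x in z):
            return list(zip(bits, resp))


def candidate_intervals(signatures):
    # Under presampling, a bit-0 response gives e_i in [f_i - BOX, f_i + BOX];
    # intersect these over all observations and with the key range [-B, B].
    lo, hi = [-B] * N, [B] * N
    for sig in signatures:
        for bit, vec in sig:
            if bit != 0:
                continue
            for i, fi in enumerate(vec):
                lo[i] = max(lo[i], fi - BOX)
                hi[i] = min(hi[i], fi + BOX)
    return lo, hi


def keyspace_size(lo, hi):
    return prod(max(0, h - l + 1) for l, h in zip(lo, hi))


def attack(signer, num_sigs=20, seed=1):
    """Collect num_sigs signatures and report how far the key space shrinks."""
    rng = random.Random(seed)
    e = keygen(rng)
    sigs = [signer(rng, e) for _ in range(num_sigs)]
    lo, hi = candidate_intervals(sigs)
    return {
        "full": (2 * B + 1) ** N,
        "remaining": keyspace_size(lo, hi),
        "contains_key": all(l <= ei <= h for l, ei, h in zip(lo, e, hi)),
    }


def bit0_outside_box(signer, num_sigs=20, seed=1):
    """Count bit-0 coordinates with |f_i - e_i| > BOX: always 0 for the leaky signer."""
    rng = random.Random(seed)
    e = keygen(rng)
    count = 0
    for _ in range(num_sigs):
        for bit, vec in signer(rng, e):
            if bit == 0:
                count += sum(1 for fi, ei in zip(vec, e) if abs(fi - ei) > BOX)
    return count


if __name__ == "__main__":
    print("leaky presampling:", attack(sign_leaky))
    print("bit-0 f outside e +/- BOX, leaky:", bit0_outside_box(sign_leaky))
    print("bit-0 f outside e +/- BOX, rejection:", bit0_outside_box(sign_rejection))
```

Running `attack(sign_leaky)` with 20 toy signatures leaves a candidate set that always contains the true key and is much smaller than the full (2B+1)^N key space; `bit0_outside_box` shows why the same inference fails against the rejection-sampling signer, whose revealed f are not confined to a box around e.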

ePrint: https://eprint.iacr.org/2024/1261

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.