[Resource Topic] 2024/1374: Lifting approach against the SNOVA scheme

Welcome to the resource topic for 2024/1374

Title:
Lifting approach against the SNOVA scheme

Authors: Shuhei Nakamura, Yusuke Tani, Hiroki Furue

Abstract:

In 2022, Wang et al. proposed the multivariate signature scheme SNOVA as a UOV variant over the non-commutative ring of $\ell \times \ell$ matrices over $\mathbb{F}_q$.
This scheme has a small public key and signature size and is a first-round candidate of the NIST PQC additional digital signature project.
Recently, Ikematsu and Akiyama, and Li and Ding show that the core matrices of SNOVA with $v$ vinegar-variables and $o$ oil-variables are regarded as the representation matrices of UOV with $\ell v$ vinegar-variables and $\ell o$ oil-variables over $\mathbb{F}_q$, and thus we can apply existing key recovery attacks as a plain UOV.
In this paper, we propose a method that reduces SNOVA to a smaller UOV with $v$ vinegar-variables and $o$ oil-variables over $\mathbb{F}_{q^\ell}$. As a result, we show that the previous first-round parameter sets at $\ell = 2$ do not meet the NIST PQC security levels. We also confirm that the present parameter sets are secure from existing key recovery attacks with our approach.

ePrint: https://eprint.iacr.org/2024/1374

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.