[Resource Topic] 2024/148: Preliminary Cryptanalysis of the Biscuit Signature Scheme

Welcome to the resource topic for 2024/148

Preliminary Cryptanalysis of the Biscuit Signature Scheme

Authors: Charles Bouillaguet, Julia Sauvage


Biscuit is a recent multivariate signature scheme based on the MPC-in-the-Head paradigm. It has been submitted to the NIST competition for additional signature schemes. Signatures are derived from a zero-knowledge proof of knowledge of the solution of a structured polynomial system. This extra structure enables efficient proofs and compact signatures. This short note demonstrates that it also makes these polynomial systems easier to solve than random ones. As a consequence, the original parameters of Biscuit failed to meet the required security levels and had to be upgraded.

ePrint: https://eprint.iacr.org/2024/148

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.