An improved Durandal signature scheme

Abstract: Constructing secure and effective code-based signature schemes has been an open problem. In this paper, we efficiently reduce the key size of the Durandal signature scheme introduced by Aragon et al. (EUROCRYPT 2019). We prove that the improved scheme is EUF-CMA secure by reducing its security to the advanced product spaces subspaces indistinguishability (PSSI +) problem, the decisional rank syndrome decoding (DRSD) problem, and the affine rank syndrome decoding (ARSD) problem under the random oracle model. Fu… Show more

“…To reduce the public key size of the original Durandal and the SHMW signature scheme, the authors in [2] , [20] considered and to have an ideal structure as in Definition 3 for an irreducible polynomial P . Consequently, each equation of the form and can be shifted modulo P to generate k syndrome.…”

“…Based on 2 , it is evident that our first approach is not as efficient as the key recovery attacks (solving RSD in Table 2 ) proposed in [2] , [20] . Nevertheless, our first approach can be further improved with some modifications, as explained in Section 5 .…”

“…From Table 2 and Table 3 , we observe that our second approach improved the efficiency of our first approach. Furthermore, the second approach is more efficient than the proposed key recovery attack (Solving RSD in Table 3 ) in [2] , [20] .…”

“…In the Hamming metric, signature schemes such as RaCoSS [17] and Persichetti's signature scheme [16] were shown to be insecure as information leaks from the secret. More recently, the Schnorr approach has been considered in constructing rank metric code-based signature schemes such as RQCS [19] , TPL [22] , Durandal [2] , MURAVE [13] and the SHMW signature scheme [20] . However, the RQCS signature scheme was successfully cryptanalyzed in [1] .…”

“…Moreover, the authors in [1] have shown that the Durandal signature schemes achieve EUF-CMA security. Later, Song et al [20] proposed a modified version of Durandal with smaller key sizes and signature sizes, namely the SHMW signature scheme. The authors asserted that their scheme offers enhanced security compared to the original Durandal scheme.…”

Cryptanalysis of the SHMW signature scheme

“…To reduce the public key size of the original Durandal and the SHMW signature scheme, the authors in [2] , [20] considered and to have an ideal structure as in Definition 3 for an irreducible polynomial P . Consequently, each equation of the form and can be shifted modulo P to generate k syndrome.…”

“…Based on 2 , it is evident that our first approach is not as efficient as the key recovery attacks (solving RSD in Table 2 ) proposed in [2] , [20] . Nevertheless, our first approach can be further improved with some modifications, as explained in Section 5 .…”

“…From Table 2 and Table 3 , we observe that our second approach improved the efficiency of our first approach. Furthermore, the second approach is more efficient than the proposed key recovery attack (Solving RSD in Table 3 ) in [2] , [20] .…”

“…In the Hamming metric, signature schemes such as RaCoSS [17] and Persichetti's signature scheme [16] were shown to be insecure as information leaks from the secret. More recently, the Schnorr approach has been considered in constructing rank metric code-based signature schemes such as RQCS [19] , TPL [22] , Durandal [2] , MURAVE [13] and the SHMW signature scheme [20] . However, the RQCS signature scheme was successfully cryptanalyzed in [1] .…”

“…Moreover, the authors in [1] have shown that the Durandal signature schemes achieve EUF-CMA security. Later, Song et al [20] proposed a modified version of Durandal with smaller key sizes and signature sizes, namely the SHMW signature scheme. The authors asserted that their scheme offers enhanced security compared to the original Durandal scheme.…”

Cryptanalysis of the SHMW signature scheme

A code-based signature scheme from the Lyubashevsky framework

Statistical zero-knowledge and analysis of rank-metric zero-knowledge proofs of knowledge