Improving Support-Minors Rank Attacks: Applications to G$$\displaystyle e$$MSS and Rainbow

Baena, John B.; Briaud, Pierre; Cabarcas, Daniel; Perlner, Ray A.; Smith-Tone, Daniel; Verbel, Javier A.

doi:10.1007/978-3-031-15982-4_13

“…In contrast, the attack of [109] is polynomial in the number of vinegar variables and is not affected greatly by the number of removed equations. This attack is further improved by the techniques in [264], where it is shown how to implement the much more efficient support minors MinRank approach [144] in the case that the solution is in an extension field.…”

Section: Sphincs +mentioning

confidence: 99%

“…The result undermines the basic design principles of HFEv-. Possible modifications to repair the scheme -such as abandoning the vinegar and minus modifiers and increasing the degree of the HFE polynomial to reach the target security level or adding a projection or plus modifier to thwart the new attacks, as suggested in [265] -would both represent too large a change to the original submission and render the performance of the resulting scheme unacceptable, as shown in [264]. Therefore, NIST decided not to advance GeMSS.…”

Section: Sphincs +mentioning

confidence: 99%

Status report on the third round of the NIST Post-Quantum Cryptography Standardization process

Moody¹

2022

View full text Add to dashboard Cite

The National Institute of Standards and Technology is in the process of selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signature, public-key encryption, and key-establishment algorithms to augment Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard (DSS), as well as NIST Special Publication (SP) 800-56A Revision 3, Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography, and SP 800-56B Revision 2, Recommendation for Pair-Wise Key Establishment Using Integer Factorization Cryptography. It is intended that these algorithms will be capable of protecting sensitive information well into the foreseeable future, including after the advent of quantum computers. The first round of the NIST Post-Quantum Cryptography Standardization Process began in December 2017 with 69 candidate algorithms that met both the minimum acceptance criteria and submission requirements. The first round lasted until January 2019, during which candidate algorithms were evaluated based on their security, performance, and other characteristics. NIST selected 26 algorithms to advance to the second round for more analysis. The second round continued until July 2020, after which seven 'finalist' and eight 'alternate' candidate algorithms were selected to move into the third round. This report describes the evaluation and selection process, based on public feedback and internal review, of the third-round candidates. The report summarizes each of the 15 third-round candidate algorithms and identifies those selected for standardization, as well as those that will continue to be evaluated in a fourth round of analysis. The public-key encryption and key-establishment algorithm that will be standardized is CRYSTALS-Kyber. The digital signatures that will be standardized are CRYSTALS-Dilithium, Falcon, and SPHINCS+. While there are multiple signature algorithms selected, NIST recommends CRYSTALS-Dilithium as the primary algorithm to be implemented. In addition, four of the alternate key-establishment candidate algorithms will advance to a fourth round of evaluation: BIKE, Classic McEliece, HQC, and SIKE. These candidates are still being considered for future standardization. NIST will also issue a new Call for Proposals for public-key digital signature algorithms to augment and diversify its signature portfolio.

show abstract

“…In contrast, the attack of [109] is polynomial in the number of vinegar variables and is not affected greatly by the number of removed equations. This attack is further improved by the techniques in [262], where it is shown how to implement the much more efficient support minors MinRank approach [144] in the case that the solution is in an extension field.…”

Section: Sphincs +mentioning

confidence: 99%

“…The result undermines the basic design principles of HFEv-. Possible modifications to repair the scheme -such as abandoning the vinegar and minus modifiers and increasing the degree of the HFE polynomial to reach the target security level or adding a projection or plus modifier to thwart the new attacks, as suggested in [263] -would both represent too large a change to the original submission and render the performance of the resulting scheme unacceptable, as shown in [262]. Therefore, NIST decided not to advance GeMSS.…”

Section: Sphincs +mentioning

confidence: 99%

“…Together with the support minors method of solving MinRank instances (see [144]), this new "rectangular MinRank attack" reduced the complexity of the best known attacks on the various Rainbow parameter sets by 20 to 55 bits of security in the gate metric, showing that all of the Rainbow parameter sets fall significantly below their security targets, when memory costs are ignored. Subsequently, an analysis incorporating the significant memory access cost of this attack [262] suggests that all of the Rainbow parameters fail to meet their purported security levels, even when memory costs are taken into account. Finally, a new attack [13] provides a new hybrid combinatorial/algebraic attack and an improvement of the rectangular MinRank attacks that further reduces the security of all parameter sets to the extent that an attack on Rainbow-I has become practical.…”

Section: Rainbowmentioning

confidence: 99%

See 1 more Smart Citation

Status report on the third round of the NIST Post-Quantum Cryptography Standardization process

Moody¹

2022

View full text Add to dashboard Cite

The National Institute of Standards and Technology is in the process of selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signature, public-key encryption, and key-establishment algorithms to augment Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard (DSS), as well as NIST Special Publication (SP) 800-56A Revision 3, Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography, and SP 800-56B Revision 2, Recommendation for Pair-Wise Key Establishment Using Integer Factorization Cryptography. It is intended that these algorithms will be capable of protecting sensitive information well into the foreseeable future, including after the advent of quantum computers. The first round of the NIST Post-Quantum Cryptography Standardization Process began in December 2017 with 69 candidate algorithms that met both the minimum acceptance criteria and submission requirements. The first round lasted until January 2019, during which candidate algorithms were evaluated based on their security, performance, and other characteristics. NIST selected 26 algorithms to advance to the second round for more analysis. The second round continued until July 2020, after which seven 'finalist' and eight 'alternate' candidate algorithms were selected to move into the third round. This report describes the evaluation and selection process, based on public feedback and internal review, of the third-round candidates. The report summarizes each of the 15 third-round candidate algorithms and identifies those selected for standardization, as well as those that will continue to be evaluated in a fourth round of analysis. The public-key encryption and key-establishment algorithm that will be standardized is CRYSTALS-Kyber. The digital signatures that will be standardized are CRYSTALS-Dilithium, Falcon, and SPHINCS+. While there are multiple signature algorithms selected, NIST recommends CRYSTALS-Dilithium as the primary algorithm to be implemented. In addition, four of the alternate key-establishment candidate algorithms will advance to a fourth round of evaluation: BIKE, Classic McEliece, HQC, and SIKE. These candidates are still being considered for future standardization. NIST will also issue a new Call for Proposals for public-key digital signature algorithms to augment and diversify its signature portfolio.

show abstract

2F - A New Method for Constructing Efficient Multivariate Encryption Schemes

Smith-Tone

¹

2022

Post-Quantum Cryptography

0

View full text Add to dashboard Cite

Improving Support-Minors Rank Attacks: Applications to G$$\displaystyle e$$MSS and Rainbow

Cited by 8 publications

References 35 publications

Status report on the third round of the NIST Post-Quantum Cryptography Standardization process

Status report on the third round of the NIST Post-Quantum Cryptography Standardization process

Status report on the third round of the NIST Post-Quantum Cryptography Standardization process

2F - A New Method for Constructing Efficient Multivariate Encryption Schemes

Contact Info

Product

Resources

About