Generic Attacks and the Security of Quartz
نویسنده
چکیده
The signature scheme Quartz is based on a trapdoor function G belonging to a family called HFEv-. It has two independent security parameters, and we claim that if d is big enough, no better method to compute an inverse of G than the exhaustive search is known. Such a (quite strong) assumption, allows to view Quartz as a general construction, that transforms a trapdoor function into a short signature scheme. The main object of this paper is the concrete security of this construction. On one hand, we present generic attacks on such schemes. On the other hand, we study the possibility to prove or justify the security with some well chosen assumptions. Unfortunately for Quartz, our lower and upper security bounds do not coincide. Still the best attack known for Quartz is our generic attack using O(280) computations with O(280) of memory. We will also propose an alternative way of doing short signatures for which both bounds do coincide.
منابع مشابه
Short Signatures, Provable Security and Generic Attacks for Multivariate Polynomial Schemes such as HFE, Quartz and Sflash
The object of this paper is the concrete security of recent multivariate signature schemes. A major challenge is to reconcile some ”tricky” ad-hoc constructions that allow to make short signatures, with regular provable security. The paper is composed of two parts. In the first part of this paper we formalize and confront with the most recent attacks the security of several known multivariate t...
متن کاملShort Signatures, Provable Security, Generic Attacks and Computational Security of Multivariate Polynomial Schemes such as HFE, Quartz and Sflash
The object of this paper is the concrete security of recent multivariate signature schemes. A major challenge is to reconcile some ”tricky” ad-hoc constructions that allow to make short signatures, with regular provable security. The paper is composed of two parts. In the first part of this paper we formalize and confront with the most recent attacks the security of several known multivariate t...
متن کاملA Generic Scheme Based on Trapdoor One-Way Permutations with Signatures as Short as Possible
We answer the open question of the possibility of building a digital signature scheme with proven security based on the one-wayness of a trapdoor permutation and with signatures as short as possible. Our scheme is provably secure against existential forgery under chosenmessage attacks (with tight reduction) in the ideal cipher model. It is a variant of the construction used in QUARTZ [11], that...
متن کاملStream ciphers and the eSTREAM project
Stream ciphers are an important class of symmetric cryptographic algorithms. The eSTREAM project contributed significantly to the recent increase of activity in this field. In this paper, we present a survey of the eSTREAM project. We also review recent time/memory/data and time/memory/key trade-offs relevant for the generic attacks on stream ciphers.
متن کاملHMAC-Based Authentication Protocol: Attacks and Improvements
As a response to a growing interest in RFID systems such as Internet of Things technology along with satisfying the security of these networks, proposing secure authentication protocols are indispensable part of the system design. Hence, authentication protocols to increase security and privacy in RFID applications have gained much attention in the literature. In this study, security and privac...
متن کامل