FuLeeca: A Lee-Based Signature Scheme

Conference paper. In: Code-Based Cryptography (CBCrypto 2023). Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14311).

Abstract

In this work, we introduce a new code-based signature scheme, called FuLeeca, based on the NP-hard problem of finding codewords of a given Lee weight. The scheme follows the Hash-and-Sign approach applied to quasi-cyclic codes. Similar approaches in the Hamming metric have suffered statistical attacks, which revealed the small support of the secret basis. Using the Lee metric, we are able to thwart such attacks. We use existing hardness results on the underlying problem and study adapted statistical attacks. We propose parameters for FuLeeca and compare them to an extensive list of proposed post-quantum secure signature schemes, including the ones already standardized by NIST. This comparison reveals that FuLeeca is competitive. For example, for NIST category I, i.e., 160 bits of classical security, we obtain an average signature size of 1100 bytes and a public key size of 1318 bytes. Comparing the total communication cost, i.e., the sum of the signature and public key size, we see that FuLeeca is only outperformed by Falcon, while the other standardized schemes Dilithium and SPHINCS+ show higher communication costs than FuLeeca.


Notes

  1. See for example [31], where the CFS scheme using high-rate Goppa codes has been attacked.

  2. https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/KvIege2EbuM.

  3. https://git.math.uzh.ch/isd/lee-isd/lee-isd-algorithm-complexities/-/blob/master/Lee-ISD-restricted.nb.

  4. https://github.com/setinski/Information-Set-Decoding-Analysis.

  5. https://git.math.uzh.ch/isd/lee-isd/lee-isd-algorithm-complexities/-/blob/master/Lee-ISD-restricted.nb.

  6. The implementation is publicly available at https://cpucycles.cr.yp.to/.

References

  1. Aguilar-Melchor, C., Gama, N., Howe, J., Hülsing, A., Joseph, D., Yue, D.: The return of the SDitH. Cryptology ePrint Archive (2022)

  2. Aragon, N., Blazy, O., Gaborit, P., Hauteville, A., Zémor, G.: Durandal: a rank metric based signature scheme. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 728–758. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_25

  3. Aragon, N., Dyseryn, V., Gaborit, P.: Analysis of the security of the PSSI problem and cryptanalysis of the Durandal signature scheme. Cryptology ePrint Archive (2023)

  4. Astola, J.: On the asymptotic behaviour of Lee-codes. Discret. Appl. Math. 8(1), 13–23 (1984)

  5. Aumasson, J.P., et al.: SPHINCS+, submission to the NIST post-quantum project, vol. 3 (2020). https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022

  6. Baldi, M., Bianchi, M., Chiaraluce, F., Rosenthal, J., Schipani, D.: Using LDGM codes and sparse syndromes to achieve digital signatures. In: Gaborit, P. (ed.) PQCrypto 2013. LNCS, vol. 7932, pp. 1–15. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38616-9_1

  7. Baldi, M., Bitzer, S., Pavoni, A., Santini, P., Wachter-Zeh, A., Weger, V.: Zero knowledge protocols and signatures from the restricted syndrome decoding problem. Cryptology ePrint Archive (2023)

  8. Barenghi, A., Biasse, J.-F., Persichetti, E., Santini, P.: LESS-FM: fine-tuning signatures from the code equivalence problem. In: Cheon, J.H., Tillich, J.-P. (eds.) PQCrypto 2021. LNCS, vol. 12841, pp. 23–43. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81293-5_2

  9. Barg, A.: Complexity issues in coding theory. Technical report TR97-046, Electronic Colloquium on Computational Complexity (ECCC) (1997). https://eccc.weizmann.ac.il/eccc-reports/1997/TR97-046/index.html. ISSN 1433-8092

  10. Barg, A.: Some new NP-complete coding problems. Problemy Peredachi Informatsii 30(3), 23–28 (1994). https://www.mathnet.ru/eng/ppi241

  11. Bariffi, J., Bartz, H., Liva, G., Rosenthal, J.: On the properties of error patterns in the constant Lee weight channel. In: International Zurich Seminar on Information and Communication (IZS 2022) Proceedings, pp. 44–48. ETH Zurich (2022)

  12. Bariffi, J., Khathuria, K., Weger, V.: Information set decoding for Lee-metric codes using restricted balls. In: Deneuville, J.C. (ed.) CBCrypto 2022. LNCS, vol. 13839, pp. 110–136. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-29689-5_7

  13. Becker, A., Joux, A., May, A., Meurer, A.: Decoding random binary linear codes in \(2^{n/20}\): how 1+1=0 improves information set decoding. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 520–536. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_31

  14. Bellare, M., Rogaway, P.: The exact security of digital signatures-how to sign with RSA and Rabin. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_34

  15. Berlekamp, E.R., McEliece, R.J., van Tilborg, H.C.A.: On the inherent intractability of certain coding problems. IEEE Trans. Inf. Theory 24(3), 384–386 (1978)

  16. Bernstein, D.J.: Grover vs. McEliece. In: Sendrier, N. (ed.) PQCrypto 2010. LNCS, vol. 6061, pp. 73–80. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12929-2_6

  17. Beullens, W.: Sigma protocols for MQ, PKP and SIS, and fishy signature schemes. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 183–211. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_7

  18. Bhattacharyya, M., Raina, A.: A quantum algorithm for syndrome decoding of classical error-correcting linear block codes. In: 2022 IEEE/ACM 7th Symposium on Edge Computing (SEC), pp. 456–461 (2022). https://doi.org/10.1109/SEC54971.2022.00069

  19. Bidoux, L., Gaborit, P.: Shorter signatures from proofs of knowledge for the SD, MQ, PKP and RSD problems. arXiv preprint arXiv:2204.02915 (2022)

  20. Blömer, J., Naewe, S.: Sampling methods for shortest vectors, closest vectors and successive minima. Theoret. Comput. Sci. 410(18), 1648–1665 (2009)

  21. Byrne, E., Horlemann, A.L., Khathuria, K., Weger, V.: Density of free modules over finite chain rings. Linear Algebra Appl. 651, 1–25 (2022)

  22. Chailloux, A., Debris-Alazard, T., Etinski, S.: Classical and Quantum algorithms for generic Syndrome Decoding problems and applications to the Lee metric (2021). https://eprint.iacr.org/2021/552. Report Number: 552

  23. Cho, J., No, J.S., Lee, Y., Koo, Z., Kim, Y.S.: Enhanced pqsigRM: code-based digital signature scheme with short signature and fast verification for post-quantum cryptography. Cryptology ePrint Archive (2022)

  24. Courtois, N.T., Finiasz, M., Sendrier, N.: How to achieve a McEliece-based digital signature scheme. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 157–174. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_10

  25. Dachman-Soled, D., Ducas, L., Gong, H., Rossi, M.: LWE with side information: attacks and concrete security estimation. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12171, pp. 329–358. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56880-1_12

  26. Debris-Alazard, T., Sendrier, N., Tillich, J.-P.: Wave: a new family of trapdoor one-way preimage sampleable functions based on codes. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11921, pp. 21–51. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34578-5_2

  27. Deneuville, J.-C., Gaborit, P.: Cryptanalysis of a code-based one-time signature. Des. Codes Crypt. 88(9), 1857–1866 (2020). https://doi.org/10.1007/s10623-020-00737-8

  28. Ducas, L., et al.: Crystals-dilithium - algorithm specifications and supporting documentation (version 3.1) (2021). https://pq-crystals.org/dilithium/resources.shtml

  29. Dumer, I.I.: Two decoding algorithms for linear codes. Problemy Peredachi Informatsii 25(1), 24–32 (1989)

  30. Espitau, T., Tibouchi, M., Wallet, A., Yu, Y.: Shorter hash-and-sign lattice-based signatures. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022. LNCS, vol. 13508, pp. 245–275. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15979-4_9

  31. Faugere, J.C., Gauthier-Umana, V., Otmani, A., Perret, L., Tillich, J.P.: A distinguisher for high-rate McEliece cryptosystems. IEEE Trans. Inf. Theory 59(10), 6830–6844 (2013)

  32. Feneuil, T.: Building MPCitH-based signatures from MQ, MinRank, Rank SD and PKP. Cryptology ePrint Archive (2022)

  33. Feneuil, T., Joux, A., Rivain, M.: Shared permutation for syndrome decoding: new zero-knowledge protocol and code-based signature. Des. Codes Cryptogr. 91, 1–46 (2022)

  34. Feneuil, T., Joux, A., Rivain, M.: Syndrome decoding in the head: Shorter signatures from zero-knowledge proofs. Cryptology ePrint Archive (2022)

  35. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12

  36. Fouque, P.A., et al.: FALCON: fast-fourier lattice-based compact signatures over NTRU, specification v1.2 (2020). https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022

  37. Gardy, D., Solé, P.: Saddle point techniques in asymptotic coding theory. In: Cohen, G., Lobstein, A., Zémor, G., Litsyn, S. (eds.) Algebraic Coding 1991. LNCS, vol. 573, pp. 75–81. Springer, Heidelberg (1992). https://doi.org/10.1007/BFb0034343

  38. Gentry, C.: Key recovery and message attacks on NTRU-composite. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 182–194. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_12

  39. Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Proceedings of the Fortieth Annual ACM Symposium on Theory of Computing, pp. 197–206 (2008)

  40. Gligoroski, D., Samardjiska, S., Jacobsen, H., Bezzateev, S.: McEliece in the world of Escher. Cryptology ePrint Archive (2014)

  41. Gueron, S., Persichetti, E., Santini, P.: Designing a practical code-based signature scheme from zero-knowledge proofs with trusted setup. Cryptography 6(1), 5 (2022)

  42. Horlemann-Trautmann, A.L., Weger, V.: Information set decoding in the Lee metric with applications to cryptography. Adv. Math. Commun. 15(4) (2021)

  43. Jang, K., Baksi, A., Kim, H., Song, G., Seo, H., Chattopadhyay, A.: Quantum analysis of AES. Cryptology ePrint Archive (2022)

  44. Löndahl, C., Johansson, T., Koochak Shooshtari, M., Ahmadian-Attari, M., Aref, M.R.: Squaring attacks on McEliece public-key cryptosystems using quasi-cyclic codes of even dimension. Des. Codes Crypt. 80, 359–377 (2016)

  45. May, A., Meurer, A., Thomae, E.: Decoding random linear codes in \(\tilde{\cal{O}}(2^{0.054n})\). In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 107–124. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_6

  46. Moody, D., Perlner, R.: Vulnerabilities of “McEliece in the world of Escher”. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 104–117. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29360-8_8

  47. Persichetti, E.: Efficient one-time signatures from quasi-cyclic codes: a full treatment. Cryptography 2(4), 30 (2018)

  48. Phesso, A., Tillich, J.-P.: An efficient attack on a code-based signature scheme. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 86–103. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29360-8_7

  49. Prange, E.: The use of information sets in decoding cyclic codes. IRE Trans. Inf. Theory 8(5), 5–9 (1962)

  50. Regev, O., Rosen, R.: Lattice problems and norm embeddings. In: Proceedings of the Thirty-Eighth Annual ACM Symposium on Theory of Computing, pp. 447–456 (2006)

  51. Santini, P., Baldi, M., Chiaraluce, F.: Cryptanalysis of a one-time code-based digital signature scheme. In: 2019 IEEE International Symposium on Information Theory (ISIT), pp. 2594–2598. IEEE (2019)

  52. Schnorr, C.P., Euchner, M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66, 181–199 (1994)

  53. Sendrier, N.: Decoding one out of many. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 51–67. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25405-5_4

  54. National Institute of Standards and Technology: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. Technical report (2015). https://doi.org/10.6028/nist.fips.202

  55. Stern, J.: A method for finding codewords of small weight. Coding Theory Appl. 388, 106–113 (1989)

  56. Weger, V., Khathuria, K., Horlemann, A.L., Battaglioni, M., Santini, P., Persichetti, E.: On the hardness of the Lee syndrome decoding problem. Adv. Math. Commun. (2022). https://doi.org/10.3934/amc.2022029. https://www.aimsciences.org/en/article/doi/10.3934/amc.2022029

Acknowledgments

We would like to thank Sabine Pircher, Georg Sigl, Thomas Debris-Alazard and Wessel van Woerden for meaningful discussions.

Violetta Weger is supported by the European Union’s Horizon 2020 research and innovation program under the Marie Skłodowska-Curie grant agreement no. 899987. Sebastian Bitzer, Georg Maringer, Stefan Ritterhoff and Antonia Wachter-Zeh were supported by the German Research Foundation (Deutsche Forschungsgemeinschaft, DFG) under Grant No. WA3907/4-1, the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation program (grant agreement no. 801434), and acknowledge the financial support by the Federal Ministry of Education and Research of Germany in the program of “Souverän. Digital. Vernetzt.”. Joint project 6G-life, project identification number: 16KISK002. Patrick Karl acknowledges the financial support by the Federal Ministry of Education and Research of Germany in the program of “Souverän. Digital. Vernetzt.”. Joint project 6G-life, project identification number: 16KISK002.

The authors would like to thank Wessel van Woerden and Felicitas Hörmann for pointing out the possible attack on FuLeeca.

Author information

Corresponding author: Georg Maringer.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Ritterhoff, S. et al. (2023). FuLeeca: A Lee-Based Signature Scheme. In: Esser, A., Santini, P. (eds) Code-Based Cryptography. CBCrypto 2023. Lecture Notes in Computer Science, vol 14311. Springer, Cham. https://doi.org/10.1007/978-3-031-46495-9_4

  • DOI: https://doi.org/10.1007/978-3-031-46495-9_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-46494-2

  • Online ISBN: 978-3-031-46495-9
