Cryptanalysis of a rank-based signature with short public keys

  • Nicolas Aragon
  • Olivier Blazy
  • Jean-Christophe DeneuvilleEmail author
  • Philippe Gaborit
  • Terry Shue Chien Lau
  • Chik How Tan
  • Keita Xagawa


Following Schnorr framework for obtaining digital signatures, Song et al. recently proposed a new instantiation of a signature scheme featuring small public keys from coding assumptions in rank metric, which was accepted at PKC’19. Their proposal makes use of rank quasi-cyclic (RQC) codes to reduce the public key size. We show that it is possible to turn a valid, legitimate signature into an efficiently solvable decoding problem, which allows to recover the randomness used for signing and hence the secret key, from a single signature, in about the same amount of time as required for signing.


Post-quantum cryptography Coding theory Rank metric RQC Signature Cryptanalysis 

Mathematics Subject Classification

94A60 11T71 14G50 



  1. 1.
    Aguilar Melchor C., Aragon N., Bettaieb S., Bidoux L., Blazy O., Deneuville J.C., Gaborit P., Zémor G.: Rank Quasi-Cyclic (RQC)., submission to the NIST post quantum standardization process. (2017).
  2. 2.
    Aguilar Melchor C., Blazy O., Deneuville J., Gaborit P., Zémor G.: Efficient encryption from random quasi-cyclic codes. IEEE Trans. Inf. Theory 64(5), 3927–3943 (2018). Scholar
  3. 3.
    Aragon N., Blazy O., Gaborit P., Hauteville A., Zémor G.: Durandal: A rank metric based signature scheme. In: Advances in Cryptology-EUROCRYPT 2019 - 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Darmstadt, Germany, May 19–23, 2019, Proceedings, Part III, pp 728–758, (2019) Scholar
  4. 4.
    Courtois N., Finiasz M., Sendrier N.: How to achieve a McEliece-based digital signature scheme. In: Boyd C (ed) ASIACRYPT 2001, Springer, Heidelberg, LNCS, vol. 2248, pp 157–174, (2001) Scholar
  5. 5.
    Daniel Julius B., Andreas H., Tanja L., Panny L.: OFFICIAL COMMENT: RaCoSS. Official comments about NIST PQC submissions (2017).Google Scholar
  6. 6.
    Debris-Alazard T., Tillich J.: Two attacks on rank metric code-based schemes: Ranksign and an IBE scheme. In: Peyrin T, Galbraith SD (eds) Advances in Cryptology - ASIACRYPT 2018 - 24th International Conference on the Theory and Application of Cryptology and Information Security, Brisbane, QLD, Australia, December 2-6, 2018, Proceedings, Part I, Springer, Lecture Notes in Computer Science, vol. 11272, pp. 62–92, (2018) Scholar
  7. 7.
    Debris-Alazard T., Sendrier N., Tillich J.: The problem with the SURF scheme. Cryptology ePrint Archive, Report 2017/662, (2017)
  8. 8.
    Debris-Alazard T., Sendrier N., Tillich J.P.: Wave: A new code-based signature scheme. Cryptology ePrint Archive, Report 2018/996, (2018)
  9. 9.
    Deneuville J.C., Gaborit P.: Cryptanalysis of a code-based one-time signature. WCC 2019: The Eleventh International Workshop on Coding and Cryptography, (2019)
  10. 10.
    Faugère J.C., Gauthier V., Otmani A., Perret L., Tillich J.P.: A distinguisher for high rate McEliece cryptosystems. In: Proc. IEEE Inf. Theory Workshop- ITW 2011, Paraty, Brasil, pp. 282–286 (2011)Google Scholar
  11. 11.
    Fiat A., Shamir A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko AM (ed) CRYPTO’86, Springer, Heidelberg, LNCS, vol. 263, pp. 186–194, (1987)
  12. 12.
    Gaborit P., Zémor G.: On the hardness of the decoding and the minimum distance problems for rank codes. IEEE Trans Inf. Theory 62(12), 7245–7252 (2016).MathSciNetCrossRefGoogle Scholar
  13. 13.
    Gaborit P., Murat G., Ruatta O., Zémor G.: Low rank parity check codes and their application to cryptography. In: Proceedings of the Workshop on Coding and Cryptography WCC’2013, Bergen, Norway, available on (2013).
  14. 14.
    Gaborit P., Ruatta O., Schrek J., Zémor G.: New results for rank-based cryptography. In: Progress in Cryptology—AFRICACRYPT 2014, LNCS, vol. 8469, pp 1–12 (2014).Google Scholar
  15. 15.
    Gentry C., Peikert C., Vaikuntanathan V.: Trapdoors for hard lattices and new cryptographic constructions. In: Ladner RE, Dwork C (eds) 40th ACM STOC, ACM Press, pp 197–206, (2008)
  16. 16.
    Hoffstein J., Pipher J., Silverman J.H.: NSS: An NTRU lattice-based signature scheme. In: Pfitzmann B (ed) EUROCRYPT 2001, Springer, Heidelberg, LNCS, vol. 2045, pp. 211–228, (2001) Scholar
  17. 17.
    Kabatianskii G., Krouk E., Smeets B.J.M.: A digital signature scheme based on random error-correcting codes. In: IMA Int. Conf., Springer, LNCS, vol. 1355, pp. 161–167 (1997).Google Scholar
  18. 18.
    Lyubashevsky V.: Lattice signatures without trapdoors. In: [23], pp 738–755, (2012) Scholar
  19. 19.
    Micciancio D., Peikert C.: Trapdoors for lattices: Simpler, tighter, faster, smaller. In: [23], pp. 700–718, (2012) Scholar
  20. 20.
    Partha Sarathi R., Rui X., Kazuhide F., Shinsaku K., Kirill M., Tsuyoshi T.: RaCoSS: Random code-based signature scheme. Submission to NIST post-quantum standardization process (2017).Google Scholar
  21. 21.
    Partha Sarathi R., Rui X., Kazuhide F., Shinsaku K., Kirill M., Tsuyoshi T.: Code-based signature scheme without trapdoors. IEICE Tech. Rep., vol. 118, no. 151, ISEC2018-15, pp. 17–22, (2018)
  22. 22.
    Persichetti, E.: Efficient digital signatures from coding theory. Cryptology ePrint Archive, Report 2017/397, (2017)
  23. 23.
    Pointcheval D., Johansson T. (eds.): EUROCRYPT 2012, LNCS, vol. 7237. Springer, Heidelberg (2012).Google Scholar
  24. 24.
    Santini P., Baldi M., Chiaraluce F.: Cryptanalysis of a one-time code-based digital signature scheme. (2018) CoRR arXiv:1812.03286.
  25. 25.
    Schnorr C.P.: Efficient identification and signatures for smart cards. In: Brassard G (ed) CRYPTO’89, Springer, Heidelberg, LNCS, vol. 435, pp. 239–252, (1990)
  26. 26.
    Shor P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J Comput. 26(5), 1484–1509 (1997). Scholar
  27. 27.
    Song Y., Huang X., Mu Y., Wu W.: A new code-based signature scheme with shorter public key. Cryptology ePrint Archive, Report 2019/053, (2019)
  28. 28.
    Xagawa K.: Practical attack on racoss-r. Cryptology ePrint Archive, Report 2018/831, (2018)

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. 1.XLIM-MATHIS, University of LimogesLimogesFrance
  2. 2.École Nationale de l’Aviation CivileFederal University of ToulouseToulouseFrance
  3. 3.Temasek LaboratoriesNational University of SingaporeSingaporeSingapore
  4. 4.NTT Secure Platform LaboratoriesTokyoJapan

Personalised recommendations