Cryptanalysis of a rank-based signature with short public keys


Following Schnorr framework for obtaining digital signatures, Song et al. recently proposed a new instantiation of a signature scheme featuring small public keys from coding assumptions in rank metric, which was accepted at PKC’19. Their proposal makes use of rank quasi-cyclic (RQC) codes to reduce the public key size. We show that it is possible to turn a valid, legitimate signature into an efficiently solvable decoding problem, which allows to recover the randomness used for signing and hence the secret key, from a single signature, in about the same amount of time as required for signing.

This is a preview of subscription content, log in to check access.

Fig. 1


  1. 1.

    Their results got accepted on Dec. 21st 2018 at PKC’19, made available as ePrint 2019/053 ( on Jan. 25th 2019, a cryptanalysis implementation was publicly released on Jan. 30th 2019 (, Lau and Tan ( then Xagawa ( published independently a description of the attack. The paper has been withdrawn since, both from ePrint and PKC’19, around Feb. 26th 2019. This work merges the implementation of Aragon et al., and the works of Lau and Tan, and Xagawa.


  1. 1.

    Aguilar Melchor C., Aragon N., Bettaieb S., Bidoux L., Blazy O., Deneuville J.C., Gaborit P., Zémor G.: Rank Quasi-Cyclic (RQC)., submission to the NIST post quantum standardization process. (2017).

  2. 2.

    Aguilar Melchor C., Blazy O., Deneuville J., Gaborit P., Zémor G.: Efficient encryption from random quasi-cyclic codes. IEEE Trans. Inf. Theory 64(5), 3927–3943 (2018).

    MathSciNet  Article  MATH  Google Scholar 

  3. 3.

    Aragon N., Blazy O., Gaborit P., Hauteville A., Zémor G.: Durandal: A rank metric based signature scheme. In: Advances in Cryptology-EUROCRYPT 2019 - 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Darmstadt, Germany, May 19–23, 2019, Proceedings, Part III, pp 728–758, (2019)

  4. 4.

    Courtois N., Finiasz M., Sendrier N.: How to achieve a McEliece-based digital signature scheme. In: Boyd C (ed) ASIACRYPT 2001, Springer, Heidelberg, LNCS, vol. 2248, pp 157–174, (2001)

  5. 5.

    Daniel Julius B., Andreas H., Tanja L., Panny L.: OFFICIAL COMMENT: RaCoSS. Official comments about NIST PQC submissions (2017).

  6. 6.

    Debris-Alazard T., Tillich J.: Two attacks on rank metric code-based schemes: Ranksign and an IBE scheme. In: Peyrin T, Galbraith SD (eds) Advances in Cryptology - ASIACRYPT 2018 - 24th International Conference on the Theory and Application of Cryptology and Information Security, Brisbane, QLD, Australia, December 2-6, 2018, Proceedings, Part I, Springer, Lecture Notes in Computer Science, vol. 11272, pp. 62–92, (2018)

  7. 7.

    Debris-Alazard T., Sendrier N., Tillich J.: The problem with the SURF scheme. Cryptology ePrint Archive, Report 2017/662, (2017)

  8. 8.

    Debris-Alazard T., Sendrier N., Tillich J.P.: Wave: A new code-based signature scheme. Cryptology ePrint Archive, Report 2018/996, (2018)

  9. 9.

    Deneuville J.C., Gaborit P.: Cryptanalysis of a code-based one-time signature. WCC 2019: The Eleventh International Workshop on Coding and Cryptography, (2019)

  10. 10.

    Faugère J.C., Gauthier V., Otmani A., Perret L., Tillich J.P.: A distinguisher for high rate McEliece cryptosystems. In: Proc. IEEE Inf. Theory Workshop- ITW 2011, Paraty, Brasil, pp. 282–286 (2011)

  11. 11.

    Fiat A., Shamir A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko AM (ed) CRYPTO’86, Springer, Heidelberg, LNCS, vol. 263, pp. 186–194, (1987)

  12. 12.

    Gaborit P., Zémor G.: On the hardness of the decoding and the minimum distance problems for rank codes. IEEE Trans Inf. Theory 62(12), 7245–7252 (2016).

    MathSciNet  Article  Google Scholar 

  13. 13.

    Gaborit P., Murat G., Ruatta O., Zémor G.: Low rank parity check codes and their application to cryptography. In: Proceedings of the Workshop on Coding and Cryptography WCC’2013, Bergen, Norway, available on (2013).

  14. 14.

    Gaborit P., Ruatta O., Schrek J., Zémor G.: New results for rank-based cryptography. In: Progress in Cryptology—AFRICACRYPT 2014, LNCS, vol. 8469, pp 1–12 (2014).

  15. 15.

    Gentry C., Peikert C., Vaikuntanathan V.: Trapdoors for hard lattices and new cryptographic constructions. In: Ladner RE, Dwork C (eds) 40th ACM STOC, ACM Press, pp 197–206, (2008)

  16. 16.

    Hoffstein J., Pipher J., Silverman J.H.: NSS: An NTRU lattice-based signature scheme. In: Pfitzmann B (ed) EUROCRYPT 2001, Springer, Heidelberg, LNCS, vol. 2045, pp. 211–228, (2001)

  17. 17.

    Kabatianskii G., Krouk E., Smeets B.J.M.: A digital signature scheme based on random error-correcting codes. In: IMA Int. Conf., Springer, LNCS, vol. 1355, pp. 161–167 (1997).

  18. 18.

    Lyubashevsky V.: Lattice signatures without trapdoors. In: [23], pp 738–755, (2012)

  19. 19.

    Micciancio D., Peikert C.: Trapdoors for lattices: Simpler, tighter, faster, smaller. In: [23], pp. 700–718, (2012)

  20. 20.

    Partha Sarathi R., Rui X., Kazuhide F., Shinsaku K., Kirill M., Tsuyoshi T.: RaCoSS: Random code-based signature scheme. Submission to NIST post-quantum standardization process (2017).

  21. 21.

    Partha Sarathi R., Rui X., Kazuhide F., Shinsaku K., Kirill M., Tsuyoshi T.: Code-based signature scheme without trapdoors. IEICE Tech. Rep., vol. 118, no. 151, ISEC2018-15, pp. 17–22, (2018)

  22. 22.

    Persichetti, E.: Efficient digital signatures from coding theory. Cryptology ePrint Archive, Report 2017/397, (2017)

  23. 23.

    Pointcheval D., Johansson T. (eds.): EUROCRYPT 2012, LNCS, vol. 7237. Springer, Heidelberg (2012).

  24. 24.

    Santini P., Baldi M., Chiaraluce F.: Cryptanalysis of a one-time code-based digital signature scheme. (2018) CoRR arXiv:1812.03286.

  25. 25.

    Schnorr C.P.: Efficient identification and signatures for smart cards. In: Brassard G (ed) CRYPTO’89, Springer, Heidelberg, LNCS, vol. 435, pp. 239–252, (1990)

  26. 26.

    Shor P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J Comput. 26(5), 1484–1509 (1997).

    MathSciNet  Article  MATH  Google Scholar 

  27. 27.

    Song Y., Huang X., Mu Y., Wu W.: A new code-based signature scheme with shorter public key. Cryptology ePrint Archive, Report 2019/053, (2019)

  28. 28.

    Xagawa K.: Practical attack on racoss-r. Cryptology ePrint Archive, Report 2018/831, (2018)

Download references

Author information



Corresponding author

Correspondence to Jean-Christophe Deneuville.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This work was partially supported by the French DGA.

Communicated by R. Steinwandt.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Aragon, N., Blazy, O., Deneuville, JC. et al. Cryptanalysis of a rank-based signature with short public keys. Des. Codes Cryptogr. 88, 643–653 (2020).

Download citation


  • Post-quantum cryptography
  • Coding theory
  • Rank metric
  • RQC
  • Signature
  • Cryptanalysis

Mathematics Subject Classification

  • 94A60
  • 11T71
  • 14G50