Abstract
We present an original efficient classical attack on MPPK/DS, a proposed multivariate-based post-quantum digital signature scheme. We then use ideas from another recent attack on MPPK/DS by Hao Guo, ultimately producing an attack with efficiency equal to that of the work of an honest verifier.
Data availability
The code and data used to generate the experimental evidence in this paper are openly available on GitHub at https://github.com/lsmaddison/MPPKDS-Forgery.
Notes
The message space was stated to be \({\mathbb {Z}}_p\) in [2], but evaluating a polynomial in \({\mathbb {Z}}_{p-1}[x_0]\) at a value in \({\mathbb {Z}}_p\) is not well defined. We thus change it to \({\mathbb {Z}}_{p-1}\) and assume that arithmetic is done mod \(p-1\) when evaluating the polynomials. Note that the notation \(GF(p-1)\) was used in [2] to denote \({\mathbb {Z}}_{p-1}\), but we change it here since this ring is not a field.
The signing algorithm in [2] also stipulated that if any of A, B, C, D or E were equal to 1, then the result should be rejected and a new base g should be chosen. We discuss in Section 3.1 why this condition must be removed.
References
[1] National Institute of Standards and Technology: Post-Quantum Cryptography: Digital signature schemes. Standardization of additional digital signature schemes. https://csrc.nist.gov/Projects/pqc-dig-sig/standardization (2023). Accessed: August 2023
[2] Kuang, R., Perepechaenko, M., Barbeau, M.: A new quantum-safe multivariate polynomial public key digital signature algorithm. Scientific Reports (2022)
[3] Kuang, R., Perepechaenko, M., Barbeau, M.: A new post-quantum multivariate polynomial public key encapsulation algorithm. Quantum Inf. Process. 21(10), 360 (2022)
[4] Shor, P.: Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM J. Comput. 26(5), 1484–1509 (1997)
[5] Guo, H.: An algebraic attack for forging signatures of MPPK/DS. Cryptology ePrint Archive, Paper 2023/453 (2023). https://eprint.iacr.org/2023/453
[6] Storjohann, A., Mulders, T.: Fast algorithms for linear algebra modulo \(N\). In: Bilardi, G., Italiano, G.F., Pietracaprina, A., Pucci, G. (eds.) Algorithms — ESA '98, pp. 139–150. Springer, Berlin, Heidelberg (1998)
[7] Barbeau, M.: A teeny-tiny implementation of multivariate polynomial public key digital signature (MPPK/DS) (2022). https://github.com/michelbarbeau/Multivariate-Polynomial-Public-Key-Digital-Signature
[8] Chebolu, S.K., Mináč, J.: Counting Irreducible Polynomials over Finite Fields Using the Inclusion-Exclusion Principle. Math. Magaz. 84(5), 369–371 (2011)
[9] Maddison, L.: Cryptanalysis of multivariate-based post-quantum digital signature schemes. Thesis, University of Ottawa (2024)
Acknowledgements
This work is part of the first author’s thesis [9]. The second author’s research is partially funded by Natural Sciences and Engineering Research Council Discovery Grant NSERC-RGPIN-2020-05020.
About this article
Cite this article
Maddison, L., Nevins, M. A Classically Efficient Forgery of MPPK/DS Signatures. La Matematica (2024). https://doi.org/10.1007/s44007-024-00095-0
DOI: https://doi.org/10.1007/s44007-024-00095-0