Advertisement

Durandal: A Rank Metric Based Signature Scheme

  • Nicolas Aragon
  • Olivier Blazy
  • Philippe Gaborit
  • Adrien HautevilleEmail author
  • Gilles Zémor
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11478)

Abstract

We describe a variation of the Schnorr-Lyubashevsky approach to devising signature schemes that is adapted to rank based cryptography. This new approach enables us to obtain a randomization of the signature, which previously seemed difficult to derive for code-based cryptography. We provide a detailed analysis of attacks and an EUF-CMA proof for our scheme. Our scheme relies on the security of the Ideal Rank Support Learning and the Ideal Rank Syndrome problems and a newly introduced problem: Product Spaces Subspaces Indistinguishability, for which we give a detailed analysis. Overall the parameters we propose are efficient and comparable in terms of signature size to the Dilithium lattice-based scheme, with a signature size of 4 kB for a public key of size less than 20 kB.

Notes

Acknowledgements

This work has been supported in part by the French ANR projects CBCRYPT (ANR-17-CE39-0007) and ID-FIX (ANR-16-CE39-0004). The authors would like to thank Alain Couvreur for his insightful comments.

References

  1. 1.
    Aguilar Melchor, C., et al.: HQC 2017. NIST Round 1 submission for Post-Quantum Cryptography (2017)Google Scholar
  2. 2.
    Aguilar Melchor, C., et al.: RQC 2017. NIST Round 1 submission for Post-Quantum Cryptography (2017)Google Scholar
  3. 3.
    Aguilar Melchor, C., Gaborit, P., Schrek, J.: A new zero-knowledge code based identification scheme with reduced communication. In: Proceedings of the IEEE ITW (2011)Google Scholar
  4. 4.
    Aragon, N., et al.: BIKE 2017. NIST Round 1 submission for Post-Quantum Cryptography (2017)Google Scholar
  5. 5.
    Aragon, N., Gaborit, P., Hauteville, A., Ruatta, O., Zémor, G.: Low rank parity check codes: new decoding algorithms and application to cryptography. IEEE Trans. Inf. Theory (2019, submitted)Google Scholar
  6. 6.
    Aragon, N., Gaborit, P., Hauteville, A., Tillich, J.-P.: A new algorithm for solving the rank syndrome decoding problem. In: Proceedings of the IEEE ISIT (2018)Google Scholar
  7. 7.
    Courtois, N.T., Finiasz, M., Sendrier, N.: How to achieve a McEliece-based digital signature scheme. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 157–174. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-45682-1_10CrossRefGoogle Scholar
  8. 8.
    Debris-Alazard, T., Sendrier, N., Tillich, J.-P.: The problem with the surf scheme. Preprint (2017). https://arxiv.org/abs/1706.08065
  9. 9.
    Debris-Alazard, T., Tillich, J.-P.: Two attacks on rank metric code-based schemes: Ranksign and an identity-based-encryption scheme. In: ASIACRYPT (2018)Google Scholar
  10. 10.
    Faugère, Je.-C., Gauthier, V., Otmani, A., Perret, L., Tillich, J.-P.: A distinguisher for high rate McEliece cryptosystems. IEEE Trans. Inf. Theory IT 59(10), 6830–6844 (2013)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Fukushima, K., Sarathi Roy, P., Xu, R., Kiyomoto, S., Morozov, K., Takagi, T.: RaCoSS. NIST Round 1 submission for Post-Quantum Cryptography (2017)Google Scholar
  12. 12.
    Gaborit, P., Hauteville, A., Phan, D.H., Tillich, J.-P.: Identity-based encryption from codes with rank metric. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 194–224. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63697-9_7CrossRefGoogle Scholar
  13. 13.
    Gaborit, P., Murat, G., Ruatta, O., Zémor, G.: Low rank parity check codes and their application to cryptography. In: Proceedings of the WCC (2013)Google Scholar
  14. 14.
    Gaborit, P., Ruatta, O., Schrek, J.: On the complexity of the rank syndrome decoding problem. IEEE Trans. Inf. Theory IT 62(2), 1006–1019 (2016)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Gaborit, P., Ruatta, O., Schrek, J., Zémor, G.: New results for rank-based cryptography. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 1–12. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-06734-6_1CrossRefGoogle Scholar
  16. 16.
    Gaborit, P., Ruatta, O., Schrek, J., Zémor, G.: RankSign: an efficient signature algorithm based on the rank metric. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 88–107. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-11659-4_6CrossRefzbMATHGoogle Scholar
  17. 17.
    Gaborit, P., Schrek, J., Zémor, G.: Full cryptanalysis of the chen identification protocol. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 35–50. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-25405-5_3CrossRefGoogle Scholar
  18. 18.
    Gaborit, P., Zémor, G.: On the hardness of the decoding and the minimum distance problems for rank codes. IEEE Trans. Inf. Theory IT 62(12), 7245–7252 (2016)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC (2008)Google Scholar
  20. 20.
    Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)MathSciNetCrossRefGoogle Scholar
  21. 21.
    Håstad, J., Impagliazzo, R., Levin, L., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)MathSciNetCrossRefGoogle Scholar
  22. 22.
    Hauteville, A., Tillich, J.-P.: New algorithms for decoding in the rank metric and an attack on the LRPC cryptosystem. In: Proceedings of the IEEE ISIT (2015)Google Scholar
  23. 23.
    Hoffstein, J., Howgrave-Graham, N., Pipher, J., Silverman, J., Whyte, W.: NTRUSign: digital signatures using the NTRU lattice. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 122–140. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-36563-X_9CrossRefGoogle Scholar
  24. 24.
    Lee, W., Kim, Y.-S., Lee, Y.-W., No, J.-S.: pqsigRM 2017. NIST Round 1 submission for Post-Quantum Cryptography (2017)Google Scholar
  25. 25.
    Loidreau, P.: On cellular code and their cryptographic applications. In: Proceedings of ACCT (2014)Google Scholar
  26. 26.
    Lyubashevsky, V.: Fiat-Shamir with aborts: applications to lattice and factoring-based signatures. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 598–616. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-10366-7_35CrossRefGoogle Scholar
  27. 27.
    Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738–755. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-29011-4_43CrossRefGoogle Scholar
  28. 28.
    Lyubashevsky, V., et al.: CRYSTALS-DILITHIUM 2017. NIST Round 1 submission for Post-Quantum Cryptography (2017)Google Scholar
  29. 29.
    Persichetti, E.: Improving the efficiency of code-based cryptography. Ph.D. thesis, The University of Auckland (2012). https://persichetti.webs.com/Thesis%20Final.pdf
  30. 30.
    Schnorr, C.-P.: Efficient signature generation by smart cards. J. Cryptol. 4, 161–174 (1991)CrossRefGoogle Scholar
  31. 31.
    Stern, J.: A new identification scheme based on syndrome decoding. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 13–21. Springer, Heidelberg (1994).  https://doi.org/10.1007/3-540-48329-2_2CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  • Nicolas Aragon
    • 1
  • Olivier Blazy
    • 1
  • Philippe Gaborit
    • 1
  • Adrien Hauteville
    • 1
    Email author
  • Gilles Zémor
    • 2
  1. 1.XLIM-DMIUniversity of LimogesLimoges CedexFrance
  2. 2.Université de Bordeaux, Institut de Mathématiques, UMR 5251TalenceFrance

Personalised recommendations