Practical and Theoretical Cryptanalysis of VOX

Published: 12 June 2024

Abstract

VOX is a UOV-like hash-and-sign signature scheme from the Multivariate Quadratic (MQ) family, which was submitted to the NIST Post-Quantum Cryptography Project in response to NIST's Call for Additional Digital Signature Schemes for the PQC Standardization Process. In 2023, the submitters of VOX updated the sets of recommended parameters of VOX because of the rectangular MinRank attack proposed by Furue and Ikematsu.
In this work we demonstrate the insecurity of the updated VOX from both the practical and the theoretical aspects.
First, we conduct a practical MinRank attack against VOX, which uses multiple matrices obtained from a matrix deformation of the public key to form a large rectangular matrix and evaluates the rank of this new matrix. Using only the Kipnis–Shamir method and Gröbner basis computation, rather than the support-minors method, our experiments recover the secret key of almost every updated recommended instance of VOX within two seconds.
Moreover, we propose a theoretical analysis of VOX that expresses the public and secret keys as matrices over a smaller field in order to find a low-rank matrix, which yields a more precise estimate of the concrete hardness of VOX; for instance, our analysis shows that the newly recommended VOX instance claimed to achieve NIST security level 3 is only 69-bit-hard.


Published In

Post-Quantum Cryptography: 15th International Workshop, PQCrypto 2024, Oxford, UK, June 12–14, 2024, Proceedings, Part II
Jun 2024
379 pages
ISBN: 978-3-031-62745-3
DOI: 10.1007/978-3-031-62746-0

Publisher

Springer-Verlag

Berlin, Heidelberg

Author Tags

  1. PQC
  2. MPKC
  3. VOX