Jintai Ding (University of Cincinnati, Ohio, USA); Doug Emery (University of Cincinnati, Ohio, USA); Johannes Mueller (SnT, University of Luxembourg, Luxembourg); Peter Y. A. Ryan (SnT, University of Luxembourg, Luxembourg); Vonn Kee Wong (University of Cincinnati, Ohio, USA)
Anonymous veto networks (AV-nets), originally proposed by Hao and Zielinski (2006), are particularly lightweight protocols for evaluating a veto function in a peer-to-peer network such that the anonymity of all protocol participants is preserved. Prior to this work, anonymity in all AV-nets from the literature relied on the decisional Diffie-Hellman (DDH) assumption and can thus be broken by (scalable) quantum computers. To defend against this threat, we propose two practical and completely lattice-based AV-nets: the first is secure against passive adversaries and the second against active adversaries. We prove that the anonymity of our AV-nets reduces to the ring learning with errors (RLWE) assumption. As such, our AV-nets are the first with post-quantum anonymity. We also provide performance benchmarks to demonstrate their practicality.
Chengdong Tao (Ding Lab, Beijing Institute of Mathematical Sci. and Applications, Beijing, China); Albrecht Petzoldt (FAU Erlangen-Nuremberg, Nuremberg, Germany); Jintai Ding (Yau Mathematical Center, Tsinghua University, Beijing, China; Ding Lab, Beijing Institute of Mathematical Sci. and Applications, Beijing, China)
The HFEv- signature scheme is a twenty-year-old multivariate public key signature scheme. It applies the Minus and Vinegar modifiers to the original HFE scheme. An instance of the HFEv- signature scheme called GeMSS is one of the alternative candidates for signature schemes in the third round of the NIST Post Quantum Crypto (PQC) Standardization Project. In this paper, we propose a new key recovery attack on the HFEv- signature scheme. We show that the Minus modification does not enhance the security of cryptosystems of the HFE family, while the Vinegar modification increases the complexity of our attack only by a polynomial factor. By doing so, we show that the proposed parameters of the GeMSS scheme are not as secure as claimed. Our attack shows that it is very difficult to build a secure and efficient signature scheme on the basis of HFEv-.
In this paper, we present a simple attack on LWE and Ring LWE encryption schemes used directly as Key Encapsulation Mechanisms (KEMs). The attack works because a key mismatch in such a KEM is observable by an adversary. Our method clearly indicates that any LWE or RLWE (or any similar type of construction) encryption used directly as a KEM can be broken by adapting our attack method to the respective case.