Cryptanalysis of SFlash v3

Jintai Ding Dieter Schmidt

TBD mathscidoc:2207.43011

IACR Cryptology ePrint Archive, 103, 2004.5
Sflash is a fast multivariate signature scheme. Though the first version Sflash-v1 was flawed, a second version, Sflash-v2 was selected by the Nessie Consortium and was recommended for implementation of low-end smart cards. Very recently, due to the security concern, the designer of Sflash recommended that Sflash-v2 should not be used, instead a new version Sflash-v3 is proposed, which essentially only increases the length of the signature. The Sflash family of signature schemes is a variant of the Matsumoto and Imai public key cryptosystem. The modification is through the Minus method, namely given a set of polynomial equations, one takes out a few of them to make them much more difficult to solve. In this paper, we attack the Sflash-v3 scheme by combining an idea from the relinearization method by Kipnis and Shamir, which was used to attack the Hidden Field Equation schemes, and the linearization method by Patarin. We show that the attack complexity is less than 2^{80}, the security standard required by the Nessie Consortium.
No keywords uploaded!
[ Download ] [ 2022-07-07 16:56:49 uploaded by dingjt ] [ 333 downloads ] [ 0 comments ]
@inproceedings{jintai2004cryptanalysis,
  title={Cryptanalysis of SFlash v3},
  author={Jintai Ding, and Dieter Schmidt},
  url={http://archive.ymsc.tsinghua.edu.cn/pacm_paperurl/20220707165649658161588},
  booktitle={ IACR Cryptology ePrint Archive},
  pages={103},
  year={2004},
}
Jintai Ding, and Dieter Schmidt. Cryptanalysis of SFlash v3. 2004. In IACR Cryptology ePrint Archive. pp.103. http://archive.ymsc.tsinghua.edu.cn/pacm_paperurl/20220707165649658161588.
Please log in for comment!
 
 
Contact us: office-iccm@tsinghua.edu.cn | Copyright Reserved