International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Analysis of the security of the PSSI problem and cryptanalysis of the Durandal signature scheme

Authors:
Nicolas Aragon , NAQUIDIS Center, France
Victor Dyseryn , XLIM, Université de Limoges
Philippe Gaborit , XLIM, Université de Limoges
Download:
DOI: 10.1007/978-3-031-38548-3_5 (login may be required)
Search ePrint
Search Google
Presentation: Slides
Conference: CRYPTO 2023
Abstract: We present a new attack against the PSSI problem, one of the three problems at the root of security of Durandal, an efficient rank metric code-based signature scheme with a public key size of 15 kB and a signature size of 4 kB, presented at EUROCRYPT'19. Our attack recovers the private key using a leakage of information coming from several signatures produced with the same key. Our approach is to combine pairs of signatures and perform Cramer-like formulas in order to build subspaces containing a secret element. We break all existing parameters of Durandal: the two published sets of parameters claiming a security of 128 bits are broken in respectively $2^{66}$ and $2^{73}$ elementary bit operations, and the number of signatures required to finalize the attack is 1,792 and 4,096 respectively. We implemented our attack and ran experiments that demonstrated its success with smaller parameters.
BibTeX
@inproceedings{crypto-2023-33213,
  title={Analysis of the security of the PSSI problem and cryptanalysis of the Durandal signature scheme},
  publisher={Springer-Verlag},
  doi={10.1007/978-3-031-38548-3_5},
  author={Nicolas Aragon and Victor Dyseryn and Philippe Gaborit},
  year=2023
}