CryptoDB
Preliminary Cryptanalysis of the Biscuit Signature Scheme
Authors: |
|
---|---|
Download: | |
Abstract: | Biscuit is a recent multivariate signature scheme based on the MPC-in-the-Head paradigm. It has been submitted to the NIST competition for additional signature schemes. Signatures are derived from a zero-knowledge proof of knowledge of the solution of a structured polynomial system. This extra structure enables efficient proofs and compact signatures. This short note demonstrates that it also makes these polynomial systems easier to solve than random ones. As a consequence, the original parameters of Biscuit failed to meet the required security levels and had to be upgraded. |
BibTeX
@article{cic-2024-34101, title={Preliminary Cryptanalysis of the Biscuit Signature Scheme}, journal={cic}, publisher={International Association for Cryptologic Research}, volume={1, Issue 1}, url={https://cic.iacr.org//p/1/1/30}, doi={10.62056/aemp-4c2h}, author={Charles Bouillaguet and Julia Sauvage}, year=2024 }