International Association for Cryptologic Research

CryptoDB

Preliminary Cryptanalysis of the Biscuit Signature Scheme

Authors:
Charles Bouillaguet, Sorbonne Université, CNRS, LIP6
Julia Sauvage, Sorbonne Université, CNRS, LIP6
Download:
DOI: 10.62056/aemp-4c2h
URL: https://cic.iacr.org//p/1/1/30
Abstract:

Biscuit is a recent multivariate signature scheme based on the MPC-in-the-Head paradigm. It has been submitted to the NIST competition for additional signature schemes. Signatures are derived from a zero-knowledge proof of knowledge of the solution of a structured polynomial system. This extra structure enables efficient proofs and compact signatures. This short note demonstrates that it also makes these polynomial systems easier to solve than random ones. As a consequence, the original parameters of Biscuit failed to meet the required security levels and had to be upgraded.

BibTeX
@article{cic-2024-34101,
  title={Preliminary Cryptanalysis of the Biscuit Signature Scheme},
  journal={cic},
  publisher={International Association for Cryptologic Research},
  volume={1, Issue 1},
  url={https://cic.iacr.org//p/1/1/30},
  doi={10.62056/aemp-4c2h},
  author={Charles Bouillaguet and Julia Sauvage},
  year=2024
}