CryptoDB
Preliminary Cryptanalysis of the Biscuit Signature Scheme
| Authors: | Charles Bouillaguet, Julia Sauvage |
|---|---|
| Abstract: | Biscuit is a recent multivariate signature scheme based on the MPC-in-the-Head paradigm. It has been submitted to the NIST competition for additional signature schemes. Signatures are derived from a zero-knowledge proof of knowledge of the solution of a structured polynomial system. This extra structure enables efficient proofs and compact signatures. This short note demonstrates that it also makes these polynomial systems easier to solve than random ones. As a consequence, the original parameters of Biscuit failed to meet the required security levels and had to be upgraded. |
BibTeX
@article{cic-2024-34101,
title={Preliminary Cryptanalysis of the Biscuit Signature Scheme},
journal={cic},
publisher={International Association for Cryptologic Research},
volume={1, Issue 1},
url={https://cic.iacr.org//p/1/1/30},
doi={10.62056/aemp-4c2h},
author={Charles Bouillaguet and Julia Sauvage},
year=2024
}