Practical Attacks Against the Walnut Digital Signature Scheme

Ward Beullens, Simon Blackburn

Research output: Chapter in Book/Report/Conference proceedingConference contribution

69 Downloads (Pure)


Recently, NIST started the process of standardizing quantum-resistant public-key cryptographic algorithms. WalnutDSA, the subject of this paper, is one of the 20 proposed signature schemes that are being considered for standardization. Walnut relies on a one-way function called E-Multiplication, which has a rich algebraic structure. This paper shows that this structure can be exploited to launch several practical attacks against the Walnut cryptosystem. The attacks work very well in practice; it is possible to forge signatures and compute equivalent secret keys for the 128-bit and 256-bit security parameters submitted to NIST in less than a second and in less than a minute respectively.
Original languageEnglish
Title of host publicationAdvances in Cryptology - ASIACRYPT 2018
Number of pages27
ISBN (Electronic)978-3-030-03326-2
ISBN (Print)978-3-030-03325-5
Publication statusE-pub ahead of print - 27 Oct 2018

Publication series

NameLecture Notes in Computer Science

Cite this