Practical Attacks Against the Walnut Digital Signature Scheme

Ward Beullens; Simon Blackburn

doi:10.1007/978-3-030-03326-2_2

Practical Attacks Against the Walnut Digital Signature Scheme

Ward Beullens, Simon Blackburn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

64 Downloads (Pure)

Abstract

Recently, NIST started the process of standardizing quantum-resistant public-key cryptographic algorithms. WalnutDSA, the subject of this paper, is one of the 20 proposed signature schemes that are being considered for standardization. Walnut relies on a one-way function called E-Multiplication, which has a rich algebraic structure. This paper shows that this structure can be exploited to launch several practical attacks against the Walnut cryptosystem. The attacks work very well in practice; it is possible to forge signatures and compute equivalent secret keys for the 128-bit and 256-bit security parameters submitted to NIST in less than a second and in less than a minute respectively.

Original language	English
Title of host publication	Advances in Cryptology - ASIACRYPT 2018
Publisher	Springer
Pages	35-61
Number of pages	27
ISBN (Electronic)	978-3-030-03326-2
ISBN (Print)	978-3-030-03325-5
DOIs	https://doi.org/10.1007/978-3-030-03326-2_2
Publication status	E-pub ahead of print - 27 Oct 2018

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer-Verlag
Volume	11272

Access to Document

10.1007/978-3-030-03326-2_2

Accepted ManuscriptAccepted author manuscript, 412 KB

Cite this

@inproceedings{a7db9f95f6224476875f3ccf0b081e70,

title = "Practical Attacks Against the Walnut Digital Signature Scheme",

abstract = "Recently, NIST started the process of standardizing quantum-resistant public-key cryptographic algorithms. WalnutDSA, the subject of this paper, is one of the 20 proposed signature schemes that are being considered for standardization. Walnut relies on a one-way function called E-Multiplication, which has a rich algebraic structure. This paper shows that this structure can be exploited to launch several practical attacks against the Walnut cryptosystem. The attacks work very well in practice; it is possible to forge signatures and compute equivalent secret keys for the 128-bit and 256-bit security parameters submitted to NIST in less than a second and in less than a minute respectively.",

author = "Ward Beullens and Simon Blackburn",

year = "2018",

month = oct,

day = "27",

doi = "10.1007/978-3-030-03326-2_2",

language = "English",

isbn = "978-3-030-03325-5",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "35--61",

booktitle = "Advances in Cryptology - ASIACRYPT 2018",

}

TY - GEN

T1 - Practical Attacks Against the Walnut Digital Signature Scheme

AU - Beullens, Ward

AU - Blackburn, Simon

PY - 2018/10/27

Y1 - 2018/10/27

N2 - Recently, NIST started the process of standardizing quantum-resistant public-key cryptographic algorithms. WalnutDSA, the subject of this paper, is one of the 20 proposed signature schemes that are being considered for standardization. Walnut relies on a one-way function called E-Multiplication, which has a rich algebraic structure. This paper shows that this structure can be exploited to launch several practical attacks against the Walnut cryptosystem. The attacks work very well in practice; it is possible to forge signatures and compute equivalent secret keys for the 128-bit and 256-bit security parameters submitted to NIST in less than a second and in less than a minute respectively.

AB - Recently, NIST started the process of standardizing quantum-resistant public-key cryptographic algorithms. WalnutDSA, the subject of this paper, is one of the 20 proposed signature schemes that are being considered for standardization. Walnut relies on a one-way function called E-Multiplication, which has a rich algebraic structure. This paper shows that this structure can be exploited to launch several practical attacks against the Walnut cryptosystem. The attacks work very well in practice; it is possible to forge signatures and compute equivalent secret keys for the 128-bit and 256-bit security parameters submitted to NIST in less than a second and in less than a minute respectively.

U2 - 10.1007/978-3-030-03326-2_2

DO - 10.1007/978-3-030-03326-2_2

M3 - Conference contribution

SN - 978-3-030-03325-5

T3 - Lecture Notes in Computer Science

SP - 35

EP - 61

BT - Advances in Cryptology - ASIACRYPT 2018

PB - Springer

ER -