Security issues of CFS-like digital signature algorithms
Giuseppe D'Alconzo, Alessio Meneghetti, Paolo Piasenti
TL;DR
The paper analyzes security of CFS-like code-based signatures, focusing on reducing signing cost by mapping messages into decodable syndromes via code-based hashes. It demonstrates forgery attacks on mCFS$_c$ by stopping the outer hash or employing a $\gamma_t$-type mapping to decodable syndromes, enabling signatures that validate against a public key without the secret key. The analysis generalizes to a broader class of hash constructions $\bar{h}_H(m)=H\cdot\gamma_t(h(m))$, showing forgery remains possible without the private key for all such schemes. The results highlight the difficulty of achieving both strong post-quantum security and practical signing efficiency with code-based hash-to-syndrome methods, motivating alternative designs that balance security with efficiency, and possibly re-evaluating speedups inspired by KKS approaches.
Abstract
We analyse the security of some variants of the CFS code-based digital signature scheme. We show how the adoption of some code-based hash-functions to improve the efficiency of CFS leads to the ability of an attacker to produce a forgery compatible to the rightful user's public key.
