Table of Contents
Fetching ...

Security issues of CFS-like digital signature algorithms

Giuseppe D'Alconzo, Alessio Meneghetti, Paolo Piasenti

TL;DR

The paper analyzes security of CFS-like code-based signatures, focusing on reducing signing cost by mapping messages into decodable syndromes via code-based hashes. It demonstrates forgery attacks on mCFS$_c$ by stopping the outer hash or employing a $\gamma_t$-type mapping to decodable syndromes, enabling signatures that validate against a public key without the secret key. The analysis generalizes to a broader class of hash constructions $\bar{h}_H(m)=H\cdot\gamma_t(h(m))$, showing forgery remains possible without the private key for all such schemes. The results highlight the difficulty of achieving both strong post-quantum security and practical signing efficiency with code-based hash-to-syndrome methods, motivating alternative designs that balance security with efficiency, and possibly re-evaluating speedups inspired by KKS approaches.

Abstract

We analyse the security of some variants of the CFS code-based digital signature scheme. We show how the adoption of some code-based hash-functions to improve the efficiency of CFS leads to the ability of an attacker to produce a forgery compatible to the rightful user's public key.

Security issues of CFS-like digital signature algorithms

TL;DR

The paper analyzes security of CFS-like code-based signatures, focusing on reducing signing cost by mapping messages into decodable syndromes via code-based hashes. It demonstrates forgery attacks on mCFS by stopping the outer hash or employing a -type mapping to decodable syndromes, enabling signatures that validate against a public key without the secret key. The analysis generalizes to a broader class of hash constructions , showing forgery remains possible without the private key for all such schemes. The results highlight the difficulty of achieving both strong post-quantum security and practical signing efficiency with code-based hash-to-syndrome methods, motivating alternative designs that balance security with efficiency, and possibly re-evaluating speedups inspired by KKS approaches.

Abstract

We analyse the security of some variants of the CFS code-based digital signature scheme. We show how the adoption of some code-based hash-functions to improve the efficiency of CFS leads to the ability of an attacker to produce a forgery compatible to the rightful user's public key.
Paper Structure (8 sections, 3 theorems, 8 equations)

This paper contains 8 sections, 3 theorems, 8 equations.

Key Result

Proposition 1

For every state $L_i$ of the hash function $h_H$, $f(L_i)$ is a syndrome of a vector of Hamming weight $w$.

Theorems & Definitions (6)

  • Proposition 1
  • proof
  • Proposition 2
  • proof
  • Theorem 3
  • proof