eprint.iacr.org/archive/2024/1453/20240917:172600
Preview meta tags from the eprint.iacr.org website.
Linked Hostnames
5- 26 links toeprint.iacr.org
- 5 links toorcid.org
- 1 link tocreativecommons.org
- 1 link toia.cr
- 1 link toiacr.org
Thumbnail
Search Engine Appearance
Breaking and Repairing SQIsign2D-East
We present a key recovery attack on SQIsign2D-East that reduces its security level from $\lambda$ to $\lambda/2$. We exploit the fact that each signature leaks a Legendre symbol modulo the secret degree of the private key isogeny. About $\lambda/2$ signatures are enough for these Legendre symbols to fully determine the secret degree, which can then be recovered by exhaustive search over a set of size $O(2^{\lambda/2})$. Once the degree is known, the private key isogeny itself can be found, again by exhaustive search, in time $\tilde{O}(2^{\lambda/2})$. We also present a new version of the protocol which does not leak any such information about the private key and show that our modified protocol is more efficient than the original one. Finally, we give a security analysis as well as a new proof of security.
Bing
Breaking and Repairing SQIsign2D-East
We present a key recovery attack on SQIsign2D-East that reduces its security level from $\lambda$ to $\lambda/2$. We exploit the fact that each signature leaks a Legendre symbol modulo the secret degree of the private key isogeny. About $\lambda/2$ signatures are enough for these Legendre symbols to fully determine the secret degree, which can then be recovered by exhaustive search over a set of size $O(2^{\lambda/2})$. Once the degree is known, the private key isogeny itself can be found, again by exhaustive search, in time $\tilde{O}(2^{\lambda/2})$. We also present a new version of the protocol which does not leak any such information about the private key and show that our modified protocol is more efficient than the original one. Finally, we give a security analysis as well as a new proof of security.
DuckDuckGo
Breaking and Repairing SQIsign2D-East
We present a key recovery attack on SQIsign2D-East that reduces its security level from $\lambda$ to $\lambda/2$. We exploit the fact that each signature leaks a Legendre symbol modulo the secret degree of the private key isogeny. About $\lambda/2$ signatures are enough for these Legendre symbols to fully determine the secret degree, which can then be recovered by exhaustive search over a set of size $O(2^{\lambda/2})$. Once the degree is known, the private key isogeny itself can be found, again by exhaustive search, in time $\tilde{O}(2^{\lambda/2})$. We also present a new version of the protocol which does not leak any such information about the private key and show that our modified protocol is more efficient than the original one. Finally, we give a security analysis as well as a new proof of security.
General Meta Tags
19- titleBreaking and Repairing SQIsign2D-East
- charsetutf-8
- viewportwidth=device-width, initial-scale=1, shrink-to-fit=no
- citation_titleBreaking and Repairing SQIsign2D-East
- citation_authorWouter Castryck
Open Graph Meta Tags
7- og:imagehttps://eprint.iacr.org/img/iacrlogo.png
- og:image:altIACR logo
- og:urlhttps://eprint.iacr.org/2024/1453
- og:site_nameIACR Cryptology ePrint Archive
- og:typearticle
Link Tags
2- stylesheet/css/dist/css/bootstrap.min.css
- stylesheet/css/eprint.css?v=10
Links
34- https://creativecommons.org/licenses/by/4.0
- https://eprint.iacr.org
- https://eprint.iacr.org/2024/1453
- https://eprint.iacr.org/about.html
- https://eprint.iacr.org/archive/2024/1453/1726593960.pdf