Key Substitution Attacks on Lattice Signature Schemes Based on SIS Problem

Youngjoo An, Hyang Sook Lee, Juhee Lee, Seongan Lim

Research output: Contribution to journal › Article › peer-review


The notion of key substitution security for digital signatures in the multiuser setting was proposed by Menezes and Smart in 2004. Alongside unforgeability, key substitution security is very important, since it is a critical requirement for the nonrepudiation and the authentication of a signature. Lattice-based signatures are a promising candidate for post-quantum cryptography, and the unforgeability of each scheme has been relatively well studied. In this paper, we present key substitution attacks on BLISS, Lyubashevsky's signature scheme, and GPV, and thus show that these signature schemes do not provide nonrepudiation. We also suggest how to avoid key substitution attacks on these schemes.

Original language: English
Article number: 8525163
Journal: Security and Communication Networks
State: Published - 2018

Bibliographical note

Funding Information:
This research was supported by Priority Research Centers Program of the Ministry of Education (Grant Number 2009-0093827). Seongan Lim was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT, and Future Planning (no: 2016R1D1A1B01008562).

Publisher Copyright:
© 2018 Youngjoo An et al.