Key Substitution Attacks on Lattice Signature Schemes Based on SIS Problem

Youngjoo An; Hyang Sook Lee; Juhee Lee; Seongan Lim

doi:10.1155/2018/8525163

Key Substitution Attacks on Lattice Signature Schemes Based on SIS Problem

Youngjoo An
, Hyang Sook Lee
, Juhee Lee
, Seongan Lim

Department of Mathematics

Research output: Contribution to journal › Article › peer-review

1 Scopus citations

Abstract

The notion of key substitution security on digital signatures in the multiuser setting has been proposed by Menezes and Smart in 2004. Along with the unforgeability of signature, the key substitution security is very important since it is a critical requirement for the nonrepudiation and the authentication of the signature. Lattice-based signature is a promising candidate for post-quantum cryptography, and the unforgeability of each scheme has been relatively well studied. In this paper, we present key substitution attacks on BLISS, Lyubashevsky's signature scheme, and GPV and thus show that these signature schemes do not provide nonrepudiation. We also suggest how to avoid key substitution attack on these schemes.

Original language	English
Article number	8525163
Journal	Security and Communication Networks
Volume	2018
DOIs	https://doi.org/10.1155/2018/8525163
State	Published - 2018

Bibliographical note

Publisher Copyright:
© 2018 Youngjoo An et al.

Access to Document

10.1155/2018/8525163

Cite this

@article{06fbc6eeab034d3e936f66e3c8a0cadb,

title = "Key Substitution Attacks on Lattice Signature Schemes Based on SIS Problem",

abstract = "The notion of key substitution security on digital signatures in the multiuser setting has been proposed by Menezes and Smart in 2004. Along with the unforgeability of signature, the key substitution security is very important since it is a critical requirement for the nonrepudiation and the authentication of the signature. Lattice-based signature is a promising candidate for post-quantum cryptography, and the unforgeability of each scheme has been relatively well studied. In this paper, we present key substitution attacks on BLISS, Lyubashevsky's signature scheme, and GPV and thus show that these signature schemes do not provide nonrepudiation. We also suggest how to avoid key substitution attack on these schemes.",

author = "Youngjoo An and Lee, \{Hyang Sook\} and Juhee Lee and Seongan Lim",

note = "Publisher Copyright: {\textcopyright} 2018 Youngjoo An et al.",

year = "2018",

doi = "10.1155/2018/8525163",

language = "English",

volume = "2018",

journal = "Security and Communication Networks",

issn = "1939-0114",

publisher = "John Wiley and Sons Ltd",

}

TY - JOUR

T1 - Key Substitution Attacks on Lattice Signature Schemes Based on SIS Problem

AU - An, Youngjoo

AU - Lee, Hyang Sook

AU - Lee, Juhee

AU - Lim, Seongan

PY - 2018

Y1 - 2018

N2 - The notion of key substitution security on digital signatures in the multiuser setting has been proposed by Menezes and Smart in 2004. Along with the unforgeability of signature, the key substitution security is very important since it is a critical requirement for the nonrepudiation and the authentication of the signature. Lattice-based signature is a promising candidate for post-quantum cryptography, and the unforgeability of each scheme has been relatively well studied. In this paper, we present key substitution attacks on BLISS, Lyubashevsky's signature scheme, and GPV and thus show that these signature schemes do not provide nonrepudiation. We also suggest how to avoid key substitution attack on these schemes.

AB - The notion of key substitution security on digital signatures in the multiuser setting has been proposed by Menezes and Smart in 2004. Along with the unforgeability of signature, the key substitution security is very important since it is a critical requirement for the nonrepudiation and the authentication of the signature. Lattice-based signature is a promising candidate for post-quantum cryptography, and the unforgeability of each scheme has been relatively well studied. In this paper, we present key substitution attacks on BLISS, Lyubashevsky's signature scheme, and GPV and thus show that these signature schemes do not provide nonrepudiation. We also suggest how to avoid key substitution attack on these schemes.

UR - https://www.scopus.com/pages/publications/85056532483

U2 - 10.1155/2018/8525163

DO - 10.1155/2018/8525163

M3 - Article

AN - SCOPUS:85056532483

SN - 1939-0114

VL - 2018

JO - Security and Communication Networks

JF - Security and Communication Networks

M1 - 8525163

ER -

Key Substitution Attacks on Lattice Signature Schemes Based on SIS Problem

Abstract

Bibliographical note

Access to Document

Fingerprint

Cite this