Related-key differential cryptanalysis of GMiMC used in post-quantum signatures

With the urgency of the threat imposed by quantum computers, there is a strong interest in making signature schemes quantum resistant. As promising candidates to ensure post-quantum security, symmetric-key primitives, in particular the recent MPC/FHE/ZK-friendly hash functions and block ciphers, provide another way to build efficient and secure signature schemes that do not rely on any assumed hard problems. However, considering the intended use cases, many of these novel ciphers for advanced cryptographic protocols do not claim related-key security. In this paper, we initiate the study of the so far ignored related-key security of GMiMC, proposed by Albrecht et al. at ESORICS 2019, some versions of which are optimized and designed to be used in post-quantum secure signatures. By investigating the potential threats of related-key attacks for GMiMC intended to be deployed as the underlying building block in post-quantum signature schemes, we construct two kinds of iterative related-key differentials, from which we not only explore its security margin against related-key attacks but also perform collision attacks on its key space. For example, for the GMiMC instance that beats the smallest signature size obtainable using LowMC, we can find a key collision using only about 2^10 key pairs. It is worth noting that our current key collision attack is only applicable when the adversarial power is sufficiently strong (e.g., in the so-called multi-user setting), and it does not threaten the one-wayness of GMiMC. Furthermore, from the experiments on our related-key differentials, it can be observed that the differential clustering effect of GMiMC differs in two aspects: the choice of the finite field F being F_p or F_{2^n}, and the size of the finite field F.

Bibliographic Details
Main Authors: Chen, Shiyao; Guo, Chun; Guo, Jian; Liu, Li; Wang, Meiqin; Wei, Puwen; Xu, Zeyu
Other Authors: School of Physical and Mathematical Sciences
Format: Conference or Workshop Item
Language: English
Published: 2023
Subjects: Science::Physics; Post-Quantum Signature; Related-Key Differential Cryptanalysis
Online Access: https://hdl.handle.net/10356/168437
Institution: Nanyang Technological University
Publication Details
Venue: 25th International Conference on Information Security and Cryptology (ICISC 2022)
Citation: Chen, S., Guo, C., Guo, J., Liu, L., Wang, M., Wei, P. & Xu, Z. (2022). Related-key differential cryptanalysis of GMiMC used in post-quantum signatures. 25th International Conference on Information Security and Cryptology (ICISC 2022), LNCS 13849, 41-60. https://dx.doi.org/10.1007/978-3-031-29371-9_3
DOI: 10.1007/978-3-031-29371-9_3
ISBN: 9783031293702
Scopus ID: 2-s2.0-85152627968
Research Centre: Strategic Centre for Research in Privacy-Preserving Technologies and Systems
Version: Submitted/Accepted version
Funding: This research was funded by DFG Grant LU 608/9-1.
Rights: © 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG. All rights reserved. This paper was published in the Proceedings of 25th International Conference on Information Security and Cryptology (ICISC 2022) and is made available with permission of The Author(s).
File format: application/pdf
Date deposited: 2023-05-30