
Practical and Theoretical Cryptanalysis of VOX

  • Conference paper
Post-Quantum Cryptography (PQCrypto 2024)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14772)


Abstract

VOX is a UOV-like hash-and-sign signature scheme from the Multivariate Quadratic (MQ) family, which was submitted to the NIST Post-Quantum Cryptography Project in response to NIST's Call for Additional Digital Signature Schemes for the PQC Standardization Process. In 2023, the submitters of VOX updated the sets of recommended parameters of VOX in response to the rectangular MinRank attack proposed by Furue and Ikematsu.

In this work we demonstrate the insecurity of the updated VOX from both the practical and the theoretical aspects.

First, we mount a practical MinRank attack against VOX, which uses multiple matrices obtained by deforming the public-key matrices to form one large rectangular matrix, and then evaluates the rank of this new matrix. Using only the Kipnis–Shamir method and Gröbner basis computation, rather than the support-minors method, our experiments recover the secret key of almost every updated recommended instance of VOX within two seconds.

Moreover, we give a theoretical analysis of VOX that expresses the public and secret keys as matrices over a smaller field in order to find a low-rank matrix, which yields a more precise estimate of the concrete hardness of VOX; for instance, our analysis shows that the newly recommended VOX instance claimed to achieve NIST security level 3 is only 69-bit-hard.


Notes

  1. https://github.com/tuovsig/analysis.

  2. https://github.com/tuovsig/analysis.

References

  1. Bardet, M., Bertin, M.: Improvement of algebraic attacks for solving superdetermined MinRank instances. In: Cheon, J.H., Johansson, T. (eds.) PQCrypto 2022. LNCS, vol. 13512, pp. 107–123. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-17234-2_6

  2. Bardet, M., et al.: Improvements of algebraic attacks for solving the rank decoding and MinRank problems. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12491, pp. 507–536. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64837-4_17

  3. Beullens, W.: Improved cryptanalysis of UOV and rainbow. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12696, pp. 348–373. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77870-5_13

  4. Beullens, W.: MAYO: practical post-quantum signatures from oil-and-vinegar maps. In: AlTawy, R., Hülsing, A. (eds.) SAC 2021. LNCS, vol. 13203, pp. 355–376. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-99277-4_17

  5. Beullens, W., Campos, F., Celi, S., Hess, B., Kannwischer, M.J.: MAYO. Round 1 Additional Signatures, Post-Quantum Cryptography: Digital Signature Schemes (2023). https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/round-1/spec-files/mayo-spec-web.pdf

  6. Beullens, W., et al.: UOV: Unbalanced Oil and Vinegar - Algorithm Specifications and Supporting Documentation Version 1.0. Round 1 Additional Signatures, Post-Quantum Cryptography: Digital Signature Schemes (2023). https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/round-1/spec-files/UOV-spec-web.pdf

  7. Bosma, W., Cannon, J., Playoust, C.: The Magma algebra system. I. The user language. J. Symb. Comput. 24(3–4), 235–265 (1997). Computational algebra and number theory (London, 1993). https://doi.org/10.1006/jsco.1996.0125

  8. Courtois, N.T.: Efficient zero-knowledge authentication based on a linear algebra problem MinRank. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 402–421. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_24

  9. Ding, J., et al.: TUOV: Triangular Unbalanced Oil and Vinegar - Algorithm Specifications and Supporting Documentation Version 1.0. Round 1 Additional Signatures, Post-Quantum Cryptography: Digital Signature Schemes (2023). https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/round-1/spec-files/TUOV-spec-web.pdf

  10. Ding, J., Petzoldt, A., Schmidt, D.S.: Multivariate Public Key Cryptosystems. AIS, vol. 80. Springer, New York (2020). https://doi.org/10.1007/978-1-0716-0987-3

  11. Ding, J., Schmidt, D.: Rainbow, a new multivariable polynomial signature scheme. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 164–175. Springer, Heidelberg (2005). https://doi.org/10.1007/11496137_12

  12. Faugère, J.-C., Safey El Din, M., Spaenlehauer, P.-J.: Computing loci of rank defects of linear matrices using Gröbner bases and applications to cryptology. In: Koepf, W. (ed.) Symbolic and Algebraic Computation, International Symposium, ISSAC 2010, Munich, Germany, 25–28 July 2010, Proceedings, pp. 257–264. ACM (2010). https://doi.org/10.1145/1837934.1837984

  13. Faugère, J.-C., Safey El Din, M., Spaenlehauer, P.-J.: On the complexity of the generalized MinRank problem. J. Symb. Comput. 55, 30–58 (2013). https://doi.org/10.1016/j.jsc.2013.03.004

  14. Faugère, J.-C., Levy-dit-Vehel, F., Perret, L.: Cryptanalysis of MinRank. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 280–296. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_16

  15. Faugère, J.C., Macario-Rat, G., Patarin, J., Perret, L.: A New Perturbation for Multivariate Public Key Schemes such as HFE and UOV. Cryptology ePrint Archive, Paper 2022/203 (2022). https://eprint.iacr.org/2022/203

  16. Furue, H., Ikematsu, Y.: A new security analysis against MAYO and QR-UOV using rectangular MinRank attack. In: Shikata, J., Kuzuno, H. (eds.) IWSEC 2023. LNCS, vol. 14128, pp. 101–116. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-41326-1_6

  17. Furue, H., et al.: QR-UOV. Round 1 Additional Signatures, Post-Quantum Cryptography: Digital Signature Schemes (2023). https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/round-1/spec-files/qruov-spec-web.pdf

  18. Furue, H., Ikematsu, Y., Kiyomura, Y., Takagi, T.: A new variant of unbalanced oil and vinegar using quotient ring: QR-UOV. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13093, pp. 187–217. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92068-5_7

  19. Goubin, L., et al.: PROV: PRovable unbalanced Oil and Vinegar Specification v1.0 - 06/01/2023. Round 1 Additional Signatures, Post-Quantum Cryptography: Digital Signature Schemes (2023). https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/round-1/spec-files/prov-spec-web.pdf

  20. Goubin, L., Courtois, N.T.: Cryptanalysis of the TTM cryptosystem. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 44–57. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_4

  21. Guo, H., Ding, J.: Algebraic relation of three MinRank algebraic modelings. In: Mesnager, S., Zhou, Z. (eds.) WAIFI 2022. LNCS, vol. 13638, pp. 239–249. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22944-2_15

  22. Ikematsu, Y., Nakamura, S., Takagi, T.: Recent progress in the security evaluation of multivariate public-key cryptography. IET Inf. Secur. 17(2), 210–226 (2023). https://doi.org/10.1049/ISE2.12092

  23. Kipnis, A., Shamir, A.: Cryptanalysis of the HFE public key cryptosystem by relinearization. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 19–30. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_2

  24. Macario-Rat, G., et al.: Rectangular attack on VOX. Cryptology ePrint Archive, Paper 2023/1822 (2023). https://eprint.iacr.org/2023/1822

  25. Nakamura, S., Wang, Y., Ikematsu, Y.: A new analysis of the Kipnis–Shamir method solving the MinRank problem. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 106(3), 203–211 (2023). https://doi.org/10.1587/transfun.2022CIP0014

  26. Patarin, J., et al.: VOX specification v1.0 - 06/01/2023. Round 1 Additional Signatures, Post-Quantum Cryptography: Digital Signature Schemes (2023). https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/round-1/spec-files/vox-spec-web.pdf

  27. Tao, C., Petzoldt, A., Ding, J.: Efficient key recovery for all HFE signature variants. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 70–93. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_4

  28. Verbel, J., Baena, J., Cabarcas, D., Perlner, R., Smith-Tone, D.: On the complexity of “superdetermined” MinRank instances. In: Ding, J., Steinwandt, R. (eds.) PQCrypto 2019. LNCS, vol. 11505, pp. 167–186. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-25510-7_10

  29. Wang, L.C., et al.: SNOVA - Proposal for NISTPQC: Digital Signature Schemes project. Round 1 Additional Signatures, Post-Quantum Cryptography: Digital Signature Schemes (2023). https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/round-1/spec-files/SNOVA-spec-web.pdf

  30. Wang, Y., Ikematsu, Y., Nakamura, S., Takagi, T.: Revisiting the MinRank problem on multivariate cryptography. In: You, I. (ed.) WISA 2020. LNCS, vol. 12583, pp. 291–307. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-65299-9_22

Acknowledgments

This work is supported by the National Key R&D Program of China (No. 2021YFB3100100) and the Beijing Natural Science Foundation (No. M22001).

Author information

Corresponding author

Correspondence to Jintai Ding.

Ethics declarations

Disclosure of Interests

The authors have no competing interests to declare that are relevant to the content of this article.

Appendices

A Magma code for our practical attack

Here we list the Magma code we used in Sect. 3.

[Magma code listings rendered as figures c, d and e; not reproduced in this preview.]

B Magma code for our theoretical attack

Here we list the Magma code we used in Sect. 4.

[Magma code listings rendered as figures f, g, h and i; not reproduced in this preview.]

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Guo, H., Jin, Y., Pan, Y., He, X., Gong, B., Ding, J. (2024). Practical and Theoretical Cryptanalysis of VOX. In: Saarinen, MJ., Smith-Tone, D. (eds) Post-Quantum Cryptography. PQCrypto 2024. Lecture Notes in Computer Science, vol 14772. Springer, Cham. https://doi.org/10.1007/978-3-031-62746-0_9

  • DOI: https://doi.org/10.1007/978-3-031-62746-0_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-62745-3

  • Online ISBN: 978-3-031-62746-0

  • eBook Packages: Computer Science (R0)