TY - GEN
T1 - Practical and Theoretical Cryptanalysis of VOX
AU - Guo, Hao
AU - Jin, Yi
AU - Pan, Yuansheng
AU - He, Xiaoou
AU - Gong, Boru
AU - Ding, Jintai
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.
PY - 2024
Y1 - 2024
N2 - VOX is a UOV-like hash-and-sign signature scheme from the Multivariate Quadratic (MQ) family, which has been submitted to the NIST Post-Quantum Cryptography Project in response to NIST’s Call for Additional Digital Signature Schemes for the PQC Standardization Process. In 2023, the submitters of VOX updated the sets of recommended parameters of VOX due to the rectangular MinRank attack proposed by Furue and Ikematsu. In this work we demonstrate the insecurity of the updated VOX from both the practical and the theoretical aspects. First, we conduct a practical MinRank attack against VOX, which uses multiple matrices obtained by matrix deformation of the public key to form a large rectangular matrix and evaluates the rank of this new matrix. By using only the Kipnis–Shamir method and Gröbner basis computation instead of the support-minors method, our experiment shows that it can recover, within two seconds, the secret key of almost every updated recommended instance of VOX. Moreover, we propose a theoretical analysis of VOX that expresses the public/secret key as matrices over a smaller field in order to find a low-rank matrix, resulting in a more precise estimate of the concrete hardness of VOX; for instance, the newly recommended VOX instance claimed to achieve NIST security level 3 turns out to be 69-bit-hard, as our analysis shows.
KW - MPKC
KW - PQC
KW - VOX
UR - http://www.scopus.com/inward/record.url?scp=85197127333&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-62746-0_9
DO - 10.1007/978-3-031-62746-0_9
M3 - Conference Proceeding
AN - SCOPUS:85197127333
SN - 9783031627453
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 186
EP - 208
BT - Post-Quantum Cryptography - 15th International Workshop, PQCrypto 2024, Proceedings
A2 - Saarinen, Markku-Juhani
A2 - Smith-Tone, Daniel
PB - Springer Science and Business Media Deutschland GmbH
T2 - 15th International Conference on Post-Quantum Cryptography, PQCrypto 2024
Y2 - 12 June 2024 through 14 June 2024
ER -