AIM: Symmetric Primitive for Shorter Signatures with Stronger Security (Full Version)

Seongkwang Kim; Jincheol Ha; Mincheol Son; Byeonghak Lee; Dukjae Moon; Joohee Lee; Sangyub Lee; Jihoon Kwon; Jihoon Cho; Hyojin Yoon; Jooyoung Lee

Paper 2022/1387

AIM: Symmetric Primitive for Shorter Signatures with Stronger Security (Full Version)

Seongkwang Kim, Samsung SDS

Jincheol Ha, Korea Advanced Institute of Science and Technology

Mincheol Son, Korea Advanced Institute of Science and Technology

Byeonghak Lee, Samsung SDS

Dukjae Moon, Samsung SDS

Joohee Lee, Sungshin Women's University

Sangyub Lee, Samsung SDS

Jihoon Kwon, Samsung SDS

Jihoon Cho, Samsung SDS

Hyojin Yoon, Samsung SDS

Jooyoung Lee, Korea Advanced Institute of Science and Technology

Abstract

Post-quantum signature schemes based on the MPC-in-the-Head (MPCitH) paradigm are recently attracting significant attention as their security solely depends on the one-wayness of the underlying primitive, providing diversity for the hardness assumption in post-quantum cryptography. Recent MPCitH-friendly ciphers have been designed using simple algebraic S-boxes operating on a large field in order to improve the performance of the resulting signature schemes. Due to their simple algebraic structures, their security against algebraic attacks should be comprehensively studied. In this paper, we refine algebraic cryptanalysis of power mapping based S-boxes over binary extension fields, and cryptographic primitives based on such S-boxes. In particular, for the Gröbner basis attack over , we experimentally show that the exact number of Boolean quadratic equations obtained from the underlying S-boxes is critical to correctly estimate the theoretic complexity based on the degree of regularity. Similarly, it turns out that the XL attack might be faster when all possible quadratic equations are found and used from the S-boxes. This refined cryptanalysis leads to more precise algebraic analysis of cryptographic primitives based on algebraic S-boxes. Considering the refined algebraic cryptanalysis, we propose a new one-way function, dubbed , as an MPCitH-friendly symmetric primitive with high resistance to algebraic attacks. The security of is comprehensively analyzed with respect to algebraic, statistical, quantum, and generic attacks. is combined with the BN++ proof system, yielding a new signature scheme, dubbed . Our implementation shows that outperforms existing signature schemes based on symmetric primitives in terms of signature size and signing time.

Metadata

Available format(s): PDF
Category: Public-key cryptography
Publication info: Published elsewhere. ACM CCS 2023
Keywords: post-quantum digital signature MPC-in-the-head algebraic analysis Gröbner basis power mapping
Contact author(s): sk39 kim @ samsung com
smilecjf @ kaist ac kr
encrypted def @ kaist ac kr
byghak lee @ samsung com
dukjae moon @ samsung com
jooheelee @ sungshin ac kr
sangyub0 lee @ samsung com
jihoon kwon @ samsung com
jihoon1 cho @ samsung com
hj1230 yoon @ samsung com
hicalf @ kaist ac kr
History: 2023-03-25: last of 2 revisions; 2022-10-13: received; See all versions
Short URL: https://ia.cr/2022/1387
License: CC BY

BibTeX

@misc{cryptoeprint:2022/1387,
      author = {Seongkwang Kim and Jincheol Ha and Mincheol Son and Byeonghak Lee and Dukjae Moon and Joohee Lee and Sangyub Lee and Jihoon Kwon and Jihoon Cho and Hyojin Yoon and Jooyoung Lee},
      title = {{AIM}: Symmetric Primitive for Shorter Signatures with Stronger Security (Full Version)},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1387},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1387}
}