Cryptanalysis of a New Code-based Signature Scheme with Shorter Public Key in PKC 2019
Song, Huang, Mu, and Wu proposed a new code-based signature scheme, the Rank Quasi-Cyclic Signature (RQCS) scheme (PKC 2019, Cryptology ePrint Archive 2019/053), which is built on RQC, an IND-CCA2 KEM proposed by Aguilar Melchor et al. (NIST PQC Standardization Round 1). Their scheme is an analogue of the Schnorr signature scheme.
In this short note, we investigate the security of the RQCS scheme. Following the discussion in Aragon, Blazy, Gaborit, Hauteville, and Zémor (Cryptology ePrint Archive 2018/1192), we report a key-recovery known-message attack together with an experimental result: the attack requires only one signature to retrieve the secret key, and it recovers the secret key within 10 seconds.
Characterizing Membership Privacy in Stochastic Gradient Langevin Dynamics
Bayesian deep learning has recently been regarded as an intrinsic way to characterize the weight uncertainty of deep neural networks (DNNs). Stochastic Gradient Langevin Dynamics (SGLD) is an effective method to enable Bayesian deep learning on large-scale datasets. Previous theoretical studies have shown various appealing properties of SGLD, ranging from convergence properties to generalization bounds. In this paper, we study the properties of SGLD from the novel perspective of membership privacy protection (i.e., preventing the membership attack). The membership attack, which aims to determine whether a specific sample was used to train a given DNN model, has emerged as a common threat against deep learning algorithms. To this end, we build a theoretical framework to analyze the information leakage (w.r.t. the training dataset) of a model trained using SGLD. Based on this framework, we demonstrate that SGLD can prevent information leakage about the training dataset to a certain extent. Moreover, our theoretical analysis extends naturally to other types of Stochastic Gradient Markov Chain Monte Carlo (SG-MCMC) methods. Empirical results on different datasets and models verify our theoretical findings and suggest that the SGLD algorithm can not only reduce information leakage but also improve the generalization ability of DNN models in real-world applications.
Comment: Under review of AAAI 202
An algebraic approach to the Rank Support Learning problem
Rank-metric code-based cryptography relies on the hardness of decoding a random linear code in the rank metric. The Rank Support Learning problem (RSL) is a variant where an attacker has access to N decoding instances whose errors have the same support and wants to solve one of them. This problem is for instance used in the Durandal signature scheme. In this paper, we propose an algebraic attack on RSL which clearly outperforms the previous attacks on this problem. We build upon Bardet et al., Asiacrypt 2020, where similar techniques are used to solve MinRank and RD. However, our analysis is simpler, and overall our attack relies on very elementary assumptions compared to standard Gröbner basis attacks. In particular, our results show that key recovery attacks on Durandal are more efficient than was previously thought.
A Code-specific Conservative Model for the Failure Rate of Bit-flipping Decoding of LDPC Codes with Cryptographic Applications
Characterizing the decoding failure rate of iteratively decoded Low- and Moderate-Density Parity Check (LDPC/MDPC) codes is paramount to building cryptosystems based on them that achieve indistinguishability under adaptive chosen ciphertext attacks. In this paper, we provide a statistical worst-case analysis of our proposed iterative decoder, obtained through a simple modification of the classic in-place bit-flipping decoder. This worst-case analysis allows us both to derive the worst-case behaviour of an LDPC/MDPC code picked among the family with the same length, rate and number of parity checks, and to obtain a code-specific bound on the decoding failure rate. The former result allows us to build a code-based cryptosystem enjoying the -correctness property required by IND-CCA2 constructions, while the latter result allows us to discard code instances whose decoding failure rate may differ significantly from the average one (i.e., weak keys), should they be picked during the key generation procedure.
About Low DFR for QC-MDPC Decoding
McEliece-like code-based key exchange mechanisms using QC-MDPC codes can reach IND-CPA security under hardness assumptions from coding theory, namely quasi-cyclic syndrome decoding and quasi-cyclic codeword finding. To reach higher security requirements, such as IND-CCA security, it is necessary in addition to prove that the decoding failure rate (DFR) is negligible, for some decoding algorithm and a proper choice of parameters. Getting a formal proof of a low DFR is a difficult task. Instead, we propose to ensure this low DFR under an additional security assumption on the decoder. This assumption relates to the asymptotic behavior of the decoder and is supported by several other works. We define a new decoder, Backflip, which features a low DFR. We evaluate the Backflip decoder by simulation and extrapolate its DFR under the decoder security assumption. We also measure the accuracy of our simulation data, in the form of confidence intervals, using standard techniques from communication systems.
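The two abstracts above (the code-specific DFR bound for bit-flipping decoding and the Backflip evaluation) both rest on the same experimental building block: a sparse parity-check matrix H = [C(h0) | C(h1)] from a QC-MDPC secret key, an in-place bit-flipping decoder, and a Monte-Carlo estimate of the decoding failure rate with a confidence interval. The following is an added illustration of that pipeline, not code from either paper or from any submission: it implements only the classic in-place bit-flipping decoder (not the modified decoder of the first abstract, nor Backflip), uses a plain majority threshold `d // 2 + 1`, and reports a Wilson score interval, which is one standard choice for proportions near zero. The parameters `R`, `D`, `T` are toy values chosen so that the simulation runs in seconds; they are orders of magnitude too small to be secure.

```python
import math
import random

# Toy QC-MDPC parameters (constructed for illustration; far too small to be secure).
R = 101   # circulant block size, code length n = 2R
D = 9     # column weight of each circulant block (row weight w = 2D)
T = 8     # error weight used in the DFR simulation


def random_support(r, weight, rng):
    """Random set of `weight` distinct positions in [0, r): the support of a sparse vector."""
    return set(rng.sample(range(r), weight))


def keygen(r, d, rng):
    """Secret key of a QC-MDPC code: the supports of two sparse circulant generators h0, h1."""
    return random_support(r, d, rng), random_support(r, d, rng)


def parity_check_columns(r, h0, h1):
    """Column supports of H = [C(h0) | C(h1)].

    Row i of the circulant C(h) is h shifted right by i, so column j of C(h)
    has a 1 in row i exactly when (j - i) mod r lies in the support of h.
    Column j is therefore the set {(j - a) mod r : a in supp(h)}.
    """
    cols = [[(j - a) % r for a in h0] for j in range(r)]
    cols += [[(j - a) % r for a in h1] for j in range(r)]
    return [sorted(c) for c in cols]


def syndrome(columns, r, error):
    """s = H e^T over GF(2); `error` is the set of error positions in [0, 2r)."""
    s = [0] * r
    for j in error:
        for i in columns[j]:
            s[i] ^= 1
    return s


def bit_flip_decode(columns, s, d, max_iter=20):
    """Classic in-place bit-flipping decoder (toy version, not the papers' decoders).

    Each sweep visits every position j, counts the unsatisfied parity checks it
    participates in (its counter), and if the counter reaches the majority
    threshold flips e_j and updates the syndrome immediately, so later positions
    in the same sweep already see the effect (that is what "in-place" means).
    Returns (error_positions, success); success means the syndrome was zeroed.
    """
    s = list(s)
    threshold = d // 2 + 1
    flipped = set()
    for _ in range(max_iter):
        if not any(s):
            return flipped, True
        for j, rows in enumerate(columns):
            counter = sum(s[i] for i in rows)
            if counter >= threshold:
                flipped ^= {j}
                for i in rows:
                    s[i] ^= 1
    return flipped, not any(s)


def wilson_interval(failures, trials, z=1.96):
    """95% Wilson score interval for the proportion failures / trials.

    Chosen (my assumption, one standard technique) because DFR estimates sit
    near zero, where the naive p +- z*sqrt(p(1-p)/n) interval has zero width at k = 0.
    """
    n = trials
    p = failures / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def estimate_dfr(r, d, t, trials, seed=0):
    """Monte-Carlo DFR estimate for one random key: decode `trials` random weight-t errors.

    A trial is a failure if the decoder gives up or returns a wrong error set
    (a wrong but syndrome-zeroing answer is still a failure for the cryptosystem).
    Returns (failures, trials, (lower, upper)).
    """
    rng = random.Random(seed)
    h0, h1 = keygen(r, d, rng)
    columns = parity_check_columns(r, h0, h1)
    failures = 0
    for _ in range(trials):
        e = random_support(2 * r, t, rng)
        decoded, ok = bit_flip_decode(columns, syndrome(columns, r, e), d)
        if not ok or decoded != e:
            failures += 1
    return failures, trials, wilson_interval(failures, trials)


if __name__ == "__main__":
    k, n, (lo, hi) = estimate_dfr(R, D, T, trials=300)
    print(f"r={R} d={D} t={T}: {k}/{n} failures, DFR ~ {k / n:.4f}, "
          f"95% Wilson CI [{lo:.4f}, {hi:.4f}]")
```

Two things the toy makes visible that the abstracts only state. First, `estimate_dfr` is per key: running it with different seeds gives different failure counts for the same (r, d, t), which is exactly the key-to-key variation that motivates a code-specific bound and the rejection of weak keys at key generation. Second, the interval width only shrinks like 1/sqrt(trials), so a DFR target of 2^-128 cannot be confirmed by simulation at all; that is why the Backflip abstract extrapolates under an explicit assumption about the decoder's asymptotic behaviour instead of measuring it directly.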