Generic Attacks and the Security of Quartz

Abstract. The signature scheme Quartz is based on a trapdoor function G that be-longs to a family called HFEv-. This function has the advantage to have two indepen-dent security parameters, and we claim that if d is big enough, no better method to compute an inverse of G than the exhaustive search is known. This paper looks at the security of Quartz under this (quite a strong) assumption. It allows a generic approach to the security of Quartz. We view it as a special case of a general construction called generalized Feistel-Patarin scheme, that transforms a trapdoor function into a short signature scheme. The main object of this paper is the concrete security of this general construction. On one hand, we present generic attacks on such schemes. On the other hand, we study the possibility to prove or justify the security with some well chosen assumptions. Unfortunately for Quartz, our lower and upper security bounds do not coincide. Still the best attack known for Quartz is our generic attack using O(280) computations with O(280) of memory. We will also propose an alternative way of doing short signatures, less general than the Feistel-Patarin scheme, but for which both bounds do coincide

SFLASHv3, a fast asymmetric signature scheme

SFLASH-v2 is one of the three asymmetric signature schemes recommended by the European consortium for low-cost smart cards. The latest implementation report published at PKC 2003 shows that SFLASH-v2 is the fastest signature scheme known. This is a detailed specification of SFLASH-v3 produced in 2003 for fear of v2 being broken. HOWEVER after detailed analysis by Chen Courtois and Yang [ICICS04], Sflash-v2 is not broken and we still recommend the previous version Sflash-v2, already recommended by Nessie, instead of this version

MQ Signature and Proxy Signature Schemes with Exact Security Based on UOV Signature

Multivariate public key cryptography which relies on MQ (Multivariate Quadratic) problems is one of the main approaches to guarantee the security of communication in the post-quantum world. In this paper, we propose a combined MQ signature scheme based on the yet unbroken UOV (Unbalanced Oil and Vinegar) signature if parameters are properly chosen. Our scheme can not only reduce the public key size of the UOV signature, but also provide more tighter bound of security against chosen-message attack in the random oracle model. On the other hand, we propose a proxy signature scheme based on our proposed combined signature scheme. Additionally, we give a strict security proof for our proxy signature scheme. Finally, we present experiments for all of our proposed schemes and the baseline schemes. Comparisons with related schemes show that our work has some advantages on performance along with more strict security