Please use this identifier to cite or link to this item:
Title: Related-key differential cryptanalysis of GMiMC used in post-quantum signatures
Authors: Chen, Shiyao
Guo, Chun
Guo, Jian
Liu, Li
Wang, Meiqin
Wei, Puwen
Xu, Zeyu
Keywords: Science::Physics
Issue Date: 2022
Source: Chen, S., Guo, C., Guo, J., Liu, L., Wang, M., Wei, P. & Xu, Z. (2022). Related-key differential cryptanalysis of GMiMC used in post-quantum signatures. 25th International Conference on Information Security and Cryptology (ICISC 2022), LNCS 13849, 41-60.
Conference: 25th International Conference on Information Security and Cryptology (ICISC 2022)
Abstract: With the urgency of the threat imposed by quantum computers, there is a strong interest in making the signature schemes quantum resistant. As the promising candidates to ensure post-quantum security, symmetric-key primitives, in particular the recent MPC/FHE/ZK-friendly hash functions or block ciphers, are providing another choice to build efficient and secure signature schemes that do not rely on any assumed hard problems. However, considering the intended use cases, many of these novel ciphers for advanced cryptographic protocols do not claim the related-key security. In this paper, we initiate the study of the ignored related-key security of GMiMC proposed by Albrecht et al. at ESORICS 2019, some versions of which are optimized and designed to be used in post-quantum secure signatures. By investigating the potential threats of related-key attacks for GMiMC intended to be deployed as the underlying building block in post-quantum signature schemes, we then construct two kinds of iterative related-key differentials, from which not only do we explore its security margin against related-key attacks, but also collision attacks on its key space can be performed. For example, for GMiMC instance that beats the smallest signature size obtainable using LowMC, we can find its key collision using only about 2 10 key pairs. It worths noting that our current key collision attack is only applicable when the adversarial power is sufficiently strong (e.g., in the so-called multi-user setting), and it does not threaten the one-wayness of GMiMC. Furthermore, from the experiments of our related-key differentials, it can be observed that the differential clustering effect of GMiMC differs in both aspects: the choice of the finite field F being Fp or F2n, and the size of the finite field F.
ISBN: 9783031293702
DOI: 10.1007/978-3-031-29371-9_3
Schools: School of Physical and Mathematical Sciences 
Research Centres: Strategic Centre for Research in Privacy-Preserving Technologies and Systems
Rights: © 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG. All rights reserved. This paper was published in the Proceedings of 25th International Conference on Information Security and Cryptology (ICISC 2022) and is made available with permission of The Author(s).
Fulltext Permission: open
Fulltext Availability: With Fulltext
Appears in Collections:SPMS Conference Papers

Files in This Item:
File Description SizeFormat 
Related-Key Differential Cryptanalysis on GMiMC.pdf452.96 kBAdobe PDFThumbnail

Page view(s)

Updated on Jun 14, 2024


Updated on Jun 14, 2024

Google ScholarTM




Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.