The Cracking of WalnutDSA: A Survey
1
MACIMTE, U. Rey Juan Carlos, 28933 Móstoles, Spain
2
BBVA Next Technologies, 28050 Madrid, Spain
*
Author to whom correspondence should be addressed.
Symmetry 2019, 11(9), 1072; https://doi.org/10.3390/sym11091072
Received: 8 July 2019 / Revised: 19 August 2019 / Accepted: 20 August 2019 / Published: 23 August 2019
(This article belongs to the Special Issue Interactions between Group Theory, Symmetry and Cryptology)
This paper reports on the Walnut Digital Signature Algorithm (WalnutDSA), which is an asymmetric signature scheme recently presented for standardization at the NIST call for post-quantum cryptographic constructions. WalnutDSA is a group theoretical construction, the security of which relies on the hardness of certain problems related to an action of a braid group on a finite set. In spite of originally resisting the typical attacks succeeding against this kind of construction, soon different loopholes were identified rendering the proposal insecure (and finally, resulting in it being excluded from Round 2 of the NIST competition). Some of these attacks are related to the well-structured and symmetric masking of certain secret elements during the signing process. We explain the design principles behind this proposal and survey the main attack strategies that have succeeded, contradicting its claimed security properties, as well as the recently-proposed ideas aimed at overcoming these issues.
View Full-Text
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited
MDPI and ACS Style
Escribano Pablos, J.I.; González Vasco, M.I.; Marriaga, M.E.; Pérez del Pozo, Á.L. The Cracking of WalnutDSA: A Survey. Symmetry 2019, 11, 1072.
Show more citation formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.