Search Results (10)

The increasing threat of quantum computing to traditional cryptographic systems has prompted intense research into post-quantum schemes. Despite SNOVA’s potential for lightweight and secure digital signatures, its performance on embedded devices (e.g., ARMv8 platforms) remains underexplored. This research addresses this gap by presenting the optimal SNOVA implementations on embedded devices. This paper presents a performance-optimized implementation of the SNOVA post-quantum digital signature scheme on ARMv8 processors. SNOVA is a multivariate cryptographic algorithm under consideration in the NIST’s additional signature standardization. Our work targets the performance bottlenecks in the SNOVA scheme. Specifically, we employ matrix arithmetic over ${\mathbb{GF}}_{16}$ and AES-CTR-based pseudorandom number generation by exploiting the NEON SIMD extension and tailoring the computations to the matrix rank. At a low level, we develop rank-specific SIMD kernels for addition and multiplication. Rank 4 matrices (i.e., 16 bytes) are handled using fully vectorized instructions that align with 128-bit-wise registers, while rank 2 matrices (i.e., 4 bytes) are processed in batches of four to ensure full SIMD occupancy. At the high level, core routines such as key generation and signature evaluation are structurally refactored to provide aligned memory layouts for batched execution. This joint optimization across algorithmic layers reduces the overhead and enables seamless hardware acceleration. The resulting implementation supports 12 SNOVA parameter sets and demonstrates substantial efficiency improvements compared to the reference baseline. These results highlight that fine-grained SIMD adaptation is essential for the efficient deployment of multivariate cryptography on modern embedded platforms. Full article

Multivariate public-key cryptosystems are potential candidates for post-quantum cryptography. The security of multivariate public-key cryptosystems relies on the hardness of solving a system of multivariate quadratic polynomial equations. Faugère’s F4 algorithm is one of the solution techniques based on the theory of Gröbner bases and selects critical pairs to compose the Macaulay matrix. Reducing the matrix size is essential. Previous research has not fully examined how many critical pairs it takes to reduce to zero when echelonizing the Macaulay matrix in rows. Ito et al. (2021) proposed a new critical-pair selection strategy for solving multivariate quadratic problems associated with encryption schemes. Instead, this paper extends their selection strategy for solving the problems associated with digital signature schemes. Using the OpenF4 library, we compare the software performance between the integrated F4-style algorithm of the proposed methods and the original F4-style algorithm. Our experimental results demonstrate that the proposed methods can reduce the processing time of the F4-style algorithm by up to a factor of about seven under certain specific parameters. Moreover, we compute the minimum number of critical pairs to reduce to zero and propose their extrapolation outside our experimental scope for further research. Full article

A rogue certificate authority (RCA) is a dishonest entity that has the trust of web browsers and users to produce valid key pairs which are vulnerable. This work analyses two acknowledged post-quantum secure Multivariate Quadratic Problem (MQP) based signature schemes, namely the UOV and Rainbow signature schemes that obtain their key pair from a potential RCA methodology. We revisit two and provide a novel RCA methodology that would enable adversaries to forge UOV and Rainbow signatures. We also lay out two strategies to identify whether the public parameters are generated by the first two methodologies. To this end, strategies to identify the third strategy remain elusive. As such, the UOV and Rainbow schemes remain vulnerable to forgery if it was forged via the third methodology. Full article

Algorithms based on the hardness of solving multivariate quadratic equations present promising candidates for post-quantum digital signatures. Contemporary threats to implementations of cryptographic algorithms, especially in embedded systems, include side-channel analysis, where attacks such as differential power analysis allow for the extraction of secret keys from the device’s power consumption or its electromagnetic emission. To prevent these attacks, various countermeasures must be implemented. In this paper, we propose a novel side-channel countermeasure for multivariate quadratic digital signatures through the concept of equivalent private keys. We propose a random equivalent key to be generated prior to every signing, thus randomizing the computation and mitigating side-channel attacks. We demonstrate our approach on the Rainbow digital signature, but since an unbalanced oil and vinegar is its special case, our work is applicable to other multivariate quadratic signature schemes as well. We analyze the proposed countermeasure regarding its properties such as the number of different equivalent keys or the amount of required fresh randomness, and we propose an efficient way to implement the countermeasure. We evaluate its performance regarding side-channel leakage and time/memory requirements. Using test vector leakage assessment, we were not able to detect any statistically significant leakage from our protected implementation. Full article

In 2016, the National Institute of Standards and Technology (NIST) announced an open competition with the goal of finding and standardizing suitable algorithms for quantum-resistant cryptography. This study presents a detailed, mathematically oriented overview of the round-three finalists of NIST’s post-quantum cryptography standardization consisting of the lattice-based key encapsulation mechanisms (KEMs) CRYSTALS-Kyber, NTRU and SABER; the code-based KEM Classic McEliece; the lattice-based signature schemes CRYSTALS-Dilithium and FALCON; and the multivariate-based signature scheme Rainbow. The above-cited algorithm descriptions are precise technical specifications intended for cryptographic experts. Nevertheless, the documents are not well-suited for a general interested mathematical audience. Therefore, the main focus is put on the algorithms’ corresponding algebraic foundations, in particular LWE problems, NTRU lattices, linear codes and multivariate equation systems with the aim of fostering a broader understanding of the mathematical concepts behind post-quantum cryptography. Full article

In addition to their usefulness in proving one’s identity electronically, identification protocols based on zero-knowledge proofs allow designing secure cryptographic signature schemes by means of the Fiat–Shamir transform or other similar constructs. This approach has been followed by many cryptographers during the NIST (National Institute of Standards and Technology) standardization process for quantum-resistant signature schemes. NIST candidates include solutions in different settings, such as lattices and multivariate and multiparty computation. While error-correcting codes may also be used, they do not provide very practical parameters, with a few exceptions. In this manuscript, we explored the possibility of using the error-correcting codes proposed by Stakhov in 2006 to design an identification protocol based on zero-knowledge proofs. We showed that this type of code offers a valid alternative in the error-correcting code setting to build such protocols and, consequently, quantum-resistant signature schemes. Full article

This research article assesses the feasibility of cold boot attacks on the lifted unbalanced oil and Vinegar (LUOV) scheme, a variant of the UOV signature scheme. This scheme is a member of the family of asymmetric cryptographic primitives based on multivariable polynomials over a finite field $\mathbb{K}$ and has been submitted as candidate to the ongoing National Institute of Standards and Technology (NIST) standardisation process of post-quantum signature schemes. To the best of our knowledge, this is the first time that this scheme is evaluated in this setting. To perform our assessment of the scheme in this setting, we review two implementations of this scheme, the reference implementation and the libpqcrypto implementation, to learn the most common in-memory private key formats and next develop a key recovery algorithm exploiting the structure of this scheme. Since the LUOV’s key generation algorithm generates its private components and public components from a 256-bit seed, the key recovery algorithm works for all the parameter sets recommended for this scheme. Additionally, we tested the effectiveness and performance of the key recovery algorithm through simulations and found the key recovery algorithm may retrieve the private seed when $\alpha =0.001$ (probability that a 0 bit of the original secret key will flip to a 1 bit) and $\beta$ (probability that a 1 bit of the original private key will flip to a 0 bit) in the range $\{0.001,0.01,0.02,\dots ,0.15\}$ by enumerating approximately $2^{40}$ candidates. Full article

Triple negative breast cancer (TNBC) represent 15% of breast cancers. Histoclinical features and marketed prognostic gene expression signatures (GES) failed to identify good- and poor-prognosis patients. Tyrosine kinases (TK) represent potential prognostic and/or therapeutic targets for TNBC. We sought to define a prognostic TK GES in a large series of TNBC. mRNA expression and histoclinical data of 6379 early BCs were collected from 16 datasets. We searched for a TK-based GES associated with disease-free survival (DFS) and tested its robustness in an independent validation set. A total of 1226 samples were TNBC. In the learning set of samples (N = 825), we identified a 13-TK GES associated with DFS. This GES was associated with cell proliferation and immune response. In multivariate analysis, it outperformed the previously published GESs and classical prognostic factors in the validation set (N = 401), in which the patients classified as “low-risk” had a 73% 5-year DFS versus 53% for “high-risk” patients (p = 1.85 × 10⁻³). The generation of 100,000 random 13-gene signatures by a resampling scheme showed the non-random nature of our classifier, which was also prognostic for overall survival in multivariate analysis. We identified a robust and non-random 13-TK GES that separated TNBC into subgroups of different prognosis. Clinical and functional validations are warranted. Full article

Multivariate Public Key Cryptography (MPKC) is one of the main candidates for post-quantum cryptography, especially in the area of signature schemes. In this paper, we instantiate a certificate Identity-Based Signature (IBS) scheme based on Rainbow, one of the most efficient and secure multivariate signature schemes. In addition, we revise the previous identity-based signature scheme IBUOV based on the Unbalanced Oil and Vinegar (UOV) scheme on the security and choice of parameters and obtain that our scheme is more efficient than IBUOV in terms of key sizes and signature sizes. Full article

Multivariate quadratic (MQ) cryptography requires the use of long public and private keys to ensure a sufficient security level, but this is not favorable to embedded systems, which have limited system resources. Recently, various approaches to MQ cryptography using reduced public keys have been studied. As a result of this, at CHES2011 (Cryptographic Hardware and Embedded Systems, 2011), a small public key MQ scheme, was proposed, and its feasible implementation on an embedded microprocessor was reported at CHES2012. However, the implementation of a small private key MQ scheme was not reported. For efficient implementation, random number generators can contribute to reduce the key size, but the cost of using a random number generator is much more complex than computing MQ on modern microprocessors. Therefore, no feasible results have been reported on embedded microprocessors. In this paper, we propose a feasible implementation on embedded microprocessors for a small private key MQ scheme using a pseudo-random number generator and hash function based on a block-cipher exploiting a hardware Advanced Encryption Standard (AES) accelerator. To speed up the performance, we apply various implementation methods, including parallel computation, on-the-fly computation, optimized logarithm representation, vinegar monomials and assembly programming. The proposed method reduces the private key size by about 99.9% and boosts signature generation and verification by 5.78% and 12.19% than previous results in CHES2012. Full article