In this work, we cryptanalyse the post-quantum signature scheme AIMer v2.1, which is one of the winners of the Korean Post-Quantum Cryptography competition (KpqC), and whose earlier version was a candidate in the US NIST’s additional post-quantum digital signatures call. We show that AIM2, the underlying symmetric-key primitive, is not secure up to the claimed level by developing and applying a new algebraic attack framework based on extended linearization over a univariate polynomial ring and a novel algorithm for finding a null vector of a polynomial matrix. In particular misuse scenarios, such as reused-key or related-key settings, our attacks become practically feasible, allowing experimental verification and benchmarking. We also evaluate the approach on the RAIN block cipher used in the Rainier post-quantum signature scheme and obtain improved attacks, although not threatening its claimed security.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Magic Pot: Cryptanalysis of Full AIM2 in the Standard and Related-/reused-Key Settings Using New Elimination Framework

  • Alex Biryukov,
  • Pablo García Fernández,
  • Aleksei Udovenko

摘要

In this work, we cryptanalyse the post-quantum signature scheme AIMer v2.1, which is one of the winners of the Korean Post-Quantum Cryptography competition (KpqC), and whose earlier version was a candidate in the US NIST’s additional post-quantum digital signatures call. We show that AIM2, the underlying symmetric-key primitive, is not secure up to the claimed level by developing and applying a new algebraic attack framework based on extended linearization over a univariate polynomial ring and a novel algorithm for finding a null vector of a polynomial matrix. In particular misuse scenarios, such as reused-key or related-key settings, our attacks become practically feasible, allowing experimental verification and benchmarking. We also evaluate the approach on the RAIN block cipher used in the Rainier post-quantum signature scheme and obtain improved attacks, although not threatening its claimed security.