Abstract
This paper reports on the Walnut Digital Signature Algorithm (WalnutDSA), which is an asymmetric signature scheme recently presented for standardization at the NIST call for post-quantum cryptographic constructions. WalnutDSA is a group theoretical construction, the security of which relies on the hardness of certain problems related to an action of a braid group on a finite set. In spite of originally resisting the typical attacks succeeding against this kind of construction, soon different loopholes were identified rendering the proposal insecure (and finally, resulting in it being excluded from Round 2 of the NIST competition). Some of these attacks are related to the well-structured and symmetric masking of certain secret elements during the signing process. We explain the design principles behind this proposal and survey the main attack strategies that have succeeded, contradicting its claimed security properties, as well as the recently-proposed ideas aimed at overcoming these issues.
Funder
Universidad Rey Juan Carlos
North Atlantic Treaty Organization
Subject
Physics and Astronomy (miscellaneous),General Mathematics,Chemistry (miscellaneous),Computer Science (miscellaneous)
Reference29 articles.
1. Efficient One-Time Signatures from Quasi-Cyclic Codes: A Full Treatment
2. Practical Lattice-Based Cryptography: NTRUEncrypt and NTRUSign
3. Optimized Supersingular Isogeny Key Encapsulation on ARMv8 Processors;Jalali;IACR Cryptol. ePrint Arch.,2019
4. Braid Group Cryptography;Garber,2007