Affiliation:
1. Sorbonne Université, CNRS, LIP6
Abstract
Biscuit is a recent multivariate signature scheme based on the MPC-in-the-Head paradigm. It has been submitted to the NIST competition for additional signature schemes. Signatures are derived from a zero-knowledge proof of knowledge of the solution of a structured polynomial system. This extra structure enables efficient proofs and compact signatures. This short note demonstrates that it also makes these polynomial systems easier to solve than random ones. As a consequence, the original parameters of Biscuit failed to meet the required security levels and had to be upgraded.
Publisher
International Association for Cryptologic Research