Ressource en auto-formation : 5.3. Attacks against the CFS Scheme

In this session, we will have a look at the attacks against the CFS signature scheme. As for public-key encryption, there are two kinds of attacks against signature schemes. First kind of attack is key recovery attacks where an attacker tries to recover the secret key from the knowledge of the publi...
cours / présentation - Création : 05-05-2015
Par : Irene MARQUEZ-CORBELLA, Nicolas SENDRIER, Matthieu FINIASZ
Partagez !

Présentation de: 5.3. Attacks against the CFS Scheme

Informations pratiques sur cette ressource

Langue du document : Anglais
Type : cours / présentation
Niveau : master, doctorat
Durée d'exécution : 4 minutes 52 secondes
Contenu : vidéo
Document : video/mp4
Poids : 120.49 Mo
Droits d'auteur : libre de droits, gratuit
Droits réservés à l'éditeur et aux auteurs. Ces ressources de cours sont, sauf mention contraire, diffusées sous Licence Creative Commons. L’utilisateur doit mentionner le nom de l’auteur, il peut exploiter l’œuvre sauf dans un contexte commercial et il ne peut apporter de modifications à l’œuvre originale.

Description de la ressource en auto-formation

Résumé

In this session, we will have a look at the attacks against the CFS signature scheme. As for public-key encryption, there are two kinds of attacks against signature schemes. First kind of attack is key recovery attacks where an attacker tries to recover the secret key from the knowledge of the public key. These attacks are exactly the same as against the McEliece cryptosystem that you have seen last week. The only difference is the parameters. Here in the signature, we have a small t and a large n but the algorithm remains the same. So, we won't go into details in this session. The second kind of attacks are forgery attacks. These attacks try to create a valid document-signature pair that is a pair of documented signature that a verifier will be able to verify successfully. They are similar to message attacks against McEliece but with one very simple difference, that is, the attacker has a complete control on the documents he wants to sign. Whereas in the McEliece scheme, the attacker is given some ciphertexts and tries to decrypt them. Depending on the version of the CFS signature scheme, the forgery attack will be slightly different. In the counter version of CFS, the attacker will choose a document, pick a counter i, compute the hash of the document and the counter and try to decode this hash as an error of weight t. But, be careful, hash is probably not decodable, only one out of t! is decodable. In the complete decoding version, the attacker will choose a document, compute this hash and try to decode it as an error of weight t + ?. In both cases the attacker has to solve an instance of syndrome decoding. And there are two main algorithms to do this: Information Set Decoding or Generalized Birthday Attack. The only difference is, as we said, the attacker has a complete control on the document. So, instead of focusing on a single document, the attacker can focus on many documents at a time. Instead of choosing the document and picking one counter, he can pick many counters to obtain many different hash values, and among these hash values, some will be decodable. In the complete decoding version, the same thing, the attacker can choose many documents and try to forge a signature for any of these documents.

"Domaine(s)" et indice(s) Dewey

  • Analyse numérique (518)
  • Théorie de l'information (003.54)
  • données dans les systèmes informatiques (005.7)
  • cryptographie (652.8)
  • Mathématiques (510)

Domaine(s)

Document(s) annexe(s) - 5.3. Attacks against the CFS Scheme

Partagez !

AUTEUR(S)

  • Irene MARQUEZ-CORBELLA
  • Nicolas SENDRIER
  • Matthieu FINIASZ

DIFFUSION

Cette ressource en auto-formation vous est proposée par :
Canal-U - accédez au site internet
Sur les réseaux sociaux :

EN SAVOIR PLUS

  • Identifiant de la fiche
    32979
  • Identifiant OAI-PMH
    oai:canal-u.fr:32979
  • Schéma de la métadonnée
  • Entrepôt d'origine
    Canal-U

Ressources en auto-formation sur les mêmes thèmes

Présentation de la ressource en auto-formation 5.1. Code-Based Digital Signatures cours / présentation
5.1. Code-Based Digital Signatures
Auteur(s) : MARQUEZ-CORBELLA Irene, SENDRIER Nicolas, FINIASZ Matthieu
Description : Welcome to the last week of this MOOC on code-based cryptography. This week, we will be discussing other cryptographic constructions relying on coding theory. We have seen how to do public key encryption and now we will see other kind of constructions. This first sequence we'll be having a look ...
Présentation de la ressource en auto-formation 5.2. The Courtois-Finiasz-Sendrier (CFS) Construction cours / présentation
5.2. The Courtois-Finiasz-Sendrier (CFS) Construction
Auteur(s) : MARQUEZ-CORBELLA Irene, SENDRIER Nicolas, FINIASZ Matthieu
Description : In this session, I am going to present the Courtois-Finiasz-Sendrier Construction of a code-based digital signature. In the previous session, we have seen that it is impossible to hash a document into decodable syndromes. But it is possible to hash onto the space of all syndromes. The document is ...