Conference ProceedingsOPEN ACCESS

Cryptanalysis of SFLASH with slightly modified parameters

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2007) 4515 LNCS 264-275
DOI: 10.1007/978-3-540-72540-4_15
37Citations
Citations of this article
29Readers
Mendeley users who have this article in their library.
Get full text

Abstract

SFLASH is a signature scheme which belongs to a family of multivariate schemes proposed by Patarin et al. in 1998 [9]. The SFLASH scheme itself has been designed in 2001 [8] and has been selected in 2003 by the NESSIE European Consortium [6] as the best known solution for implementation on low cost smart cards. In this paper, we show that slight modifications of the parameters of SFLASH within the general family initially proposed renders the scheme insecure. The attack uses simple linear algebra, and allows to forge a signature for an arbitrary message in a question of minutes for practical parameters, using only the public key. Although SFLASH itself is not amenable to our attack, it is worrying to observe that no rationale was ever offered for this "lucky" choice of parameters. © International Association for Cryptology Research 2007.

Cite

CITATION STYLE

APA

Dubois, V., Fouque, P. A., & Stern, J. (2007). Cryptanalysis of SFLASH with slightly modified parameters. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4515 LNCS, pp. 264–275). Springer Verlag. https://doi.org/10.1007/978-3-540-72540-4_15

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free