We show that the two multivariate signature schemes Enhanced STS, proposed at PQCrypto 2010, and Enhanced TTS, proposed at ACISP 2005, are vulnerable due to systematically missing cross-terms. To this aim, we generalize equivalent keys to so-called good keys for an improved algebraic key recovery attack. In particular, we demonstrate that it is impossible to choose both secure and efficient parameters for Enhanced STS and break all current parameters of both schemes. Since 2010, many variants of Enhanced STS, such as Check Equations or Hidden Pair of Bijections were proposed. We break all these variants and show that making STS secure will either lead to a variant known as the Oil, Vinegar and Salt signature scheme or, if we also require the signing algorithm to be efficient, to the well-known Rainbow signature scheme. We show that our attack is more efficient than any previously known attack. © 2012 Springer-Verlag.
CITATION STYLE
Thomae, E., & Wolf, C. (2012). Cryptanalysis of enhanced TTS, STS and all its variants, or: Why cross-terms are important. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7374 LNCS, pp. 188–202). https://doi.org/10.1007/978-3-642-31410-0_12
Mendeley helps you to discover research relevant for your work.