Total break of the l-IC signature scheme

Abstract

In this paper, we describe efficient forgery and full-key recovery attacks on the l-IC- signature scheme recently proposed at PKC 2007. This cryptosystem is a multivariate scheme based on a new internal quadratic primitive which avoids some drawbacks of previous multivariate schemes: the scheme is extremely fast since it requires one exponentiation in a finite field of medium size and the public key is shorter than in many multivariate signature schemes. Our attacks rely on the recent cryptanalytic tool developed by Dubois et al. against the SFLASH signature scheme. However, the final stage of the attacks requires the use of Gröbner basis techniques to conclude to actually forge a signature (resp. to recover the secret key). For the forgery attack, this is due to the fact that Patarin's attack is much more difficult to mount against l-IC. The key recovery attack is also very efficient since it is faster to recover equivalent secret keys than to forge. © 2008 Springer-Verlag Berlin Heidelberg.