Key recovery attack on Circulant UOV/Rainbow

Yasufumi Hashimoto
2019 JSIAM Letters  
UOV and Rainbow are multivariate signature schemes, which are known to be efficient and secure enough against known attacks under suitable parameter selections, and have been expected to be post-quantum cryptography. Recently, new variants of UOV and Rainbow, called Circulant UOV and Circulant Rainbow respectively, were proposed by Peng and Tang. In these variants, the signature generation is faster than the original schemes since circulant matrices appear in the process of signature
more » ... However, such circulant structures weaken the security. In this paper, we study the structures of these circulant variants and show that they are vulnerable against Kipnis-Shamir's attack.
doi:10.14495/jsiaml.11.45 fatcat:iq3ocupvm5buvgsee5r2a32xr4