An Efficient Attack on a Code-Based Signature Scheme [chapter]

Aurélie Phesso, Jean-Pierre Tillich
2016 Lecture Notes in Computer Science  
Input : s = Hash(m) ∈ {0, 1} r and w ∈ N, H ∈ {0, 1} r ×n Output : e ∈ {0, 1} n : signature, weight(e) ≤ w and He T = Hash(m) T Verification The verifier computes s * def = F(Hash(m||i)) and checks H σ T = s * T and weight(σ) ≤ (m T w + w c )m S If this is not the case, the signature is discarded.
doi:10.1007/978-3-319-29360-8_7 fatcat:qybujbuvmje2nbjr6zh6ekobgq