A new key recovery attack on a code-based signature from the Lyubashevsky framework

In this paper, we present a new key recovery attack on a Hamming-metric code-based signature scheme proposed by Song, Huang, Mu, Wu, and Wang (SHMWW). Our attack extends the statistical part of the attack proposed by Aragon, Baldi, Deneuville, Khathuria, Persichetti, and Santini (ABDKPS). In addition to classifying the columns of the secret matrix, we also completely determine the entries of the identity columns of this matrix via statistical method. While we need to collect more signatures, our attack has better time complexity as it requires less than 232 and 235 operations to perform the attack for Para-1 and Para-2 respectively. This gives a tradeoff between the number of required signatures and the running time of the attack. From the simulation using a proof-of-concept Sagemath implementation, a total of no more than 1500 signatures is needed to launch the attack, which can completely recover the secret key in under 45 minutes. When performed in parallel, the attack may recover the secret key in less than 5 seconds. & COPY; 2023 Elsevier B.V. All rights reserved.

Automated summary

This paper presents a new key recovery attack on a Hamming-metric code-based signature scheme proposed by SHMWW. The attack extends the statistical part of the attack proposed by ABDKPS. In addition to classifying the columns of the secret matrix, the attack also determines the entries of the identity columns of this matrix via statistical method. The attack has better time complexity and can recover the secret key in under 45 minutes with no more than 1500 signatures.