Abstract

We present a novel code-based signature scheme called modified pqsigRM. This scheme is based on a modified Reed–Muller (RM) code, which reduces the signing complexity and key size compared with existing code-based signature schemes. In fact, it strengthens pqsigRM submitted to NIST for post-quantum cryptography standardization. The proposed scheme has the advantage of the pqsigRM decoder and uses public codes that are more difficult to distinguish from random codes. We use $(U,U+V)$-codes with a high-dimensional hull to overcome the disadvantages of code-based schemes. The proposed decoder samples from coset elements with small Hamming weight for any given syndrome and efficiently finds such an element. Using a modified RM code, the proposed signature scheme resists various known attacks on RM-code-based cryptography. For 128 bits of classical security, the signature size is 4096 bits, and the public key size is less than 1 MB.

Highlights

  • Code-based cryptographic algorithms have been extensively studied in post-quantum cryptography (PQC)

  • The existential unforgeability under a chosen message attack (EUF-CMA) security of the modified pqsigRM is reduced to the modified RM code distinguishing problem and DOOM with high-dimensional hull, which are defined as follows

  • Where $t_c = t + O(q_H \cdot n^2)$, $D_w^H$ is the distribution of the syndromes $He^T$ when $e$ is drawn uniformly from the binary vectors of weight $w$, $U_s$ is the uniform distribution over $\mathbb{F}_2^{n-k}$, $D_w$ is the distribution of the decoding result of Algorithm 3, $U_w$ is the uniform distribution over the binary vectors of weight $w$, $D_{rand}$ is the uniform distribution over the random codes with high-dimensional hull, and $D_{pub}$ is the uniform distribution over the public keys of modified pqsigRM


Summary

INTRODUCTION

Code-based cryptographic algorithms have been extensively studied in post-quantum cryptography (PQC). Finiasz, and Sendrier proposed the CFS signature scheme [2], which is a code-based signature scheme using a full-domain hash (FDH) approach. EUF-CMA security of the CFS signature scheme without the indistinguishability of Goppa codes [18], the large key size and expensive signing remain as drawbacks. To find a signature with small Hamming weight, the scheme in [7] uses a sparse coset element added to a codeword with small Hamming weight. Even though this is efficient and has a small key size, an attack algorithm was presented in [6]. A new code-based signature scheme using binary codes with a $(U,U+V)$-code as its subcode is proposed.
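
The $(U,U+V)$ structure and the hull referred to above can be checked directly on plain Reed–Muller codes. The Python below is an added example, not code from the paper or from the pqsigRM submission: it builds RM(r, m) by the recursive $(U,U+V)$ construction and computes the hull dimension as rank(G) - rank(GG^T) over GF(2). It uses unmodified RM codes only (the modified code is not reproduced here); the function names and the seeded random code used for comparison are assumptions of the example.

```python
import random

def rm_generator(r, m):
    """Generator rows of RM(r, m), built recursively as a (U, U+V)-code."""
    n = 1 << m
    if r < 0:
        return []
    if r >= m:                       # whole space F_2^n
        return [[int(i == j) for j in range(n)] for i in range(n)]
    if r == 0:                       # repetition code
        return [[1] * n]
    U = rm_generator(r, m - 1)       # U = RM(r, m-1)
    V = rm_generator(r - 1, m - 1)   # V = RM(r-1, m-1)
    zero = [0] * (n // 2)
    # Rows (u, u) and (0, v) together span {(u, u+v) : u in U, v in V}.
    return [u + u for u in U] + [zero + v for v in V]

def gf2_rank(rows):
    """Rank over GF(2) of a 0/1 matrix, using an XOR basis on integers."""
    basis = {}                       # leading-bit position -> reduced row
    for row in rows:
        x = int("".join(map(str, row)), 2)
        while x:
            h = x.bit_length() - 1
            if h not in basis:
                basis[h] = x
                break
            x ^= basis[h]
    return len(basis)

def hull_dim(G):
    """dim(C ∩ C^⊥) = rank(G) - rank(G·G^T) over GF(2)."""
    gram = [[sum(a & b for a, b in zip(r1, r2)) & 1 for r2 in G] for r1 in G]
    return gf2_rank(G) - gf2_rank(gram)

def random_generator(k, n, seed=1):
    """Constructed comparison input: a seeded random k x n binary matrix."""
    rng = random.Random(seed)
    return [[rng.randint(0, 1) for _ in range(n)] for _ in range(k)]

if __name__ == "__main__":
    for r, m in [(1, 4), (2, 4), (3, 4), (2, 5)]:
        G = rm_generator(r, m)
        print(f"RM({r},{m}): n={1 << m} k={gf2_rank(G)} hull={hull_dim(G)}")
    R = random_generator(16, 32)
    print(f"random [32,{gf2_rank(R)}]: hull={hull_dim(R)}")
```

RM(2,5) is self-dual, so its hull is the whole code, while a uniformly random code of the same length and dimension typically has a hull of very small dimension.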

CFS SIGNATURE SCHEME
REED–MULLER CODES AND RECURSIVE DECODING
PARTIAL PERMUTATION OF GENERATOR MATRIX AND MODIFIED REED–MULLER CODES
DECODING ONE OUT OF MANY
INDISTINGUISHABILITY OF CODE AND SIGNATURE IN THE PROPOSED SCHEME
STATISTICAL ANALYSIS FOR DETERMINING NUMBER OF PARTIAL PERMUTATIONS
CONCLUSION