# SURF: A new code-based signature scheme

@inproceedings{DebrisAlazard2017SURFAN, title={SURF: A new code-based signature scheme}, author={Thomas Debris-Alazard and Nicolas Sendrier and Jean-Pierre Tillich}, year={2017} }

We present here a new code-based digital signature scheme. This scheme uses (U,U + V ) codes where both U and V are random. We show that the distribution of signatures is uniform by suitable rejection sampling. This is one of the key ingredients for our proof that the scheme achieves existential unforgeability under adaptive chosen message attacks (EUF-CMA) in the random oracle model (ROM) under two assumptions from coding theory, both strongly related to the hardness of decoding in a random…

## Figures and Tables from this paper

## 4 Citations

A tight security reduction in the quantum random oracle model for code-based signature schemes

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2017

It is shown that code-based signature schemes based on the full domain hash paradigm can behave very well in the QROM i.e. that the authors can have tight security reductions and the obtained parameters are competitive compared to other similar quantum secure signature schemes.

Tight and Optimal Reductions for Signatures based on Average Trapdoor Preimage Sampleable Functions and Applications to Code-Based Signatures

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2020

This work shows that the GPV construction also holds for ATPSF in the Random Oracle Model (ROM) and introduces the problem of finding a Claw with a random function (Claw(RF)) and presents a tight security reduction to the Claw(RF) problem.

About Wave Implementation and its Leakage Immunity

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2019

The key stages for the implementation of the Wave trapdoor inverse function to integrate all the features to achieve leakage-freeness are described and it is shown that the signatures produced by this implementation defeat the Barreto-Persichetti attack.

Ternary Syndrome Decoding with Large Weight

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2019

It is shown that ternary Syndrome Decoding with large weight is a really harder problem than the binary SyndromeDecoding problem, which could have several applications for the design of code-based cryptosystems.

## References

SHOWING 1-10 OF 49 REFERENCES

A new signature scheme based on (U|U+V) codes

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2017

This scheme uses (U |U + V ) codes, where both U and V are random, and it is proved that the scheme achieves existential unforgeability under adaptive chosen message attacks under two assumptions from coding theory.

An Efficient Attack on All Concrete KKS Proposals

- Computer SciencePQCrypto
- 2011

This paper investigates the security of a digital signature scheme based on a couple of random error-correcting codes and suggests a simple attack based on Stern's algorithm for finding low weight codewords that efficiently recovers the private key of all schemes of this type existing in the literature.

Optimal Security Proofs for PSS and Other Signature Schemes

- Computer Science, MathematicsEUROCRYPT
- 2001

A new security proof for PSS is derived in which a much shorter random salt is used to achieve the same security level, namely it is shown that log2 qsig bits suffice, whereqsig is the number of signature queries made by the attacker.

A tight security reduction in the quantum random oracle model for code-based signature schemes

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2017

It is shown that code-based signature schemes based on the full domain hash paradigm can behave very well in the QROM i.e. that the authors can have tight security reductions and the obtained parameters are competitive compared to other similar quantum secure signature schemes.

New Results for Rank-Based Cryptography

- Computer Science, MathematicsAFRICACRYPT
- 2014

New results for rank-based cryptography are surveyed: cryptosystems which are based on error-correcting codes embedded with the rank metric, together with a zero-knowledge authentication scheme and a new signature scheme based on a mixed errors-erasures decoding of LRPC codes.

A New Identification Scheme Based on Syndrome Decoding

- Computer Science, MathematicsCRYPTO
- 1993

This paper proposes a new identification scheme, based on error-correcting codes, which is zero-knowledge and is of practical value, and describes several variants, including one which has an identity based character.

Identity-Based Encryption from Codes with Rank Metric

- Computer Science, MathematicsCRYPTO
- 2017

A new method is proposed, based on the hardness of learning problems with rank metric, to design the first code-based IBE scheme, called RankPKE, where the public key space is dense and thus can be obtained from a hash of any identity.

How to Achieve a McEliece-Based Digital Signature Scheme

- Computer ScienceASIACRYPT
- 2001

This paper disproves the belief that code-based cryptosystems like McEliece do not allow practical digital signatures, and shows a way to build a practical signature scheme based on coding theory.

A Distinguisher for High-Rate McEliece Cryptosystems

- Computer Science, MathematicsIEEE Transactions on Information Theory
- 2013

This work presents the first method allowing to distinguish alternant and Goppa codes over any field, and can solve the GD problem in polynomial time provided that the codes have sufficiently large rates.

Code-Based Cryptosystems Using Generalized Concatenated Codes

- Computer ScienceArXiv
- 2015

This work investigates generalized concatenated codes to be used in the McEliece cryptosystem and examines the application of Sendrier's attack on generalized concatanated codes and discusses modifications of the cryptos system making it resistant against these attacks.