Canal-U

Mon compte
Inria

5.4. Parallel-CFS


Copier le code pour partager la vidéo :
<div style="position:relative;padding-bottom:56.25%;padding-top:10px;height:0;overflow:hidden;"><iframe src="https://www.canal-u.tv/video/inria/embed.1/5_4_parallel_cfs.32985?width=100%&amp;height=100%" style="position:absolute;top:0;left:0;width:100%;height: 100%;" width="550" height="306" frameborder="0" allowfullscreen scrolling="no"></iframe></div> Si vous souhaitez partager une séquence, indiquez le début de celle-ci , et copiez le code : h m s
Auteur(s) :
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu

Producteur Canal-U :
Inria
Contacter le contributeur
J’aime
Imprimer
partager facebook twitter Google +

5.4. Parallel-CFS

In this session, I will present a variant of the CFS signature scheme called parallel-CFS. We start from a simple question: what happens if you try to use two different hash functions and compute two different CFS signatures? For the signer, you simply take twice as much computation because you have to do two signatures. And then, the signature is twice longer because you have just to concatenate two signatures. One would assume that for the attacker it is the same, he simply has to forge two signatures. Well, things are a little more complicated than that. What happens when you want to do decoding one out of many twice in a row? So, you start with a set of N documents and compute the hashes of these documents to build a list of target syndromes. As we have seen, if N = 2^(mt/3), one solution is found on average. Then, we can move on to the second hash function and try to do also decoding one out of many. The only problem is, you only have one solution with the first hash function. So, you only have one target document for the second problem and you cannot do decoding one out of many anymore. In order to be able to do decoding one out of many twice in a row, you need to start from a much larger list of syndromes. Then, find a set of solutions instead of just a single solution and use this set of solutions to find one solution to both hash functions at the time. This means that the set of target syndromes has to be larger and the complexity of the attack will be larger. We have just seen that for the attacker, computing syndrome decoding twice in a row is more complicated. But the same kind of problem happens to the legitimate signer when using counters. The first strategy would be first, pick a document D, use the first hash function to compute a signature, this will get the value of the counter i; then, use h' to compute the second signature with a second value of the counter i'.


 

commentaires


Ajouter un commentaire Lire les commentaires
*Les champs suivis d’un astérisque sont obligatoires.
Aucun commentaire sur cette vidéo pour le moment (les commentaires font l’objet d’une modération)
 

Dans la même collection

FMSH
 
Facebook Twitter Google+
Mon Compte