Citation
Abstract
A rogue certificate authority (RCA) is a dishonest entity that has the trust of web browsers and users to produce valid key pairs which are vulnerable. This work analyses two acknowledged post-quantum secure Multivariate Quadratic Problem (MQP) based signature schemes, namely the UOV and Rainbow signature schemes that obtain their key pair from a potential RCA methodology. We revisit two and provide a novel RCA methodology that would enable adversaries to forge UOV and Rainbow signatures. We also lay out two strategies to identify whether the public parameters are generated by the first two methodologies. To this end, strategies to identify the third strategy remain elusive. As such, the UOV and Rainbow schemes remain vulnerable to forgery if it was forged via the third methodology.
Download File
Full text not available from this repository.
Official URL or Download Paper: https://www.mdpi.com/2073-8994/14/11/2368
|
Additional Metadata
| Item Type: | Article |
|---|---|
| Divisions: | Faculty of Science Institute for Mathematical Research |
| DOI Number: | https://doi.org/10.3390/sym14112368 |
| Publisher: | MDPI AG |
| Keywords: | Multivariate signature schemes; UOV; Rainbow; Multivariate Quadratic Problem; Rogue certificate authority; Weak public key; Post-quantum cryptography |
| Depositing User: | Ms. Che Wa Zakaria |
| Date Deposited: | 22 May 2023 08:15 |
| Last Modified: | 22 May 2023 08:15 |
| Altmetrics: | http://www.altmetric.com/details.php?domain=psasir.upm.edu.my&doi=10.3390/sym14112368 |
| URI: | http://psasir.upm.edu.my/id/eprint/102304 |
| Statistic Details: | View Download Statistic |
Actions (login required)
 |
View Item |