Performance Analysis of Fault Attack on UOV Multivariate Signature Scheme
摘要
The unbalanced oil and vinegar signature scheme (UOV), which is one of the multivariate signature schemes, is expected to be secure against quantum attacks. To achieve cryptosystem security in a practical manner, we need to deal with security against physical attacks such as fault attacksFault attack, which generate computational errors to lead to security failures. We simulate the performance of a fault attack on UOV proposed by Furue et al. at PQCrypto 2022, which uses faults occurring on the secret key. This attack first recovers a part of the linear map of the secret key by utilizing faults occurring on the secret key, and then transforms the public key system. In this paper, we simulate the fault attack by Furue et al. in the following two conditions: the case where the attack is completed and the case where the number of faults is limited. For two practical parameter sets satisfying 100-bit security, in the first case, we confirmed that the attack breaks the parameters by smaller than 100-bit manipulations with approximately 90% probability and by smaller than 50-bit manipulations with approximately 30% probability. In the second case, our simulation shows that the attack breaks the claimed security level at least 60% probability with only two faults on the central map.