A Revision of CROSS Security
277 views
Skip to first unread message
Federico Pintore
Jan 28, 2025, 9:55:14 AM1/28/25
to pqc-forum
Dear all,
We would like to draw your attention to our recent preprint [1]:
The authors of CROSS have already been informed.
With kind regards,
We would like to draw your attention to our recent preprint [1]:
A Revision of CROSS Security: Proofs and Attacks for Multi-Round Fiat-Shamir Signatures.The work proposes a novel forgery attack against digital signatures obtained by applying the Fiat-Shamir transform to fixed-weight parallel repetitions of 5-round interactive proofs. The attack is of particular relevance for CROSS, as it shows that many of its current parameter sets provide a lower level of security than claimed, with reductions up to 24% in the worst case.
The proposed attack stems from a generic security analysis of fixed-weight repetitions of (2m+1)-round (k_1,...,k_m)-special-sound interactive proofs [2]. Since our work focuses solely on the fixed-weight-repetition technique, the hardness of the mathematical problems underpinning the security of CROSS remains unaffected.
The authors of CROSS have already been informed.
With kind regards,
Michele, Riccardo, Edoardo, Giovanni and Federico
[1] Michele Battagliola, Riccardo Longo, Federico Pintore, Edoardo Signorini, and Giovanni Tognolini
A Revision of CROSS Security: Proofs and Attacks for Multi-Round Fiat-Shamir Signatures
https://eprint.iacr.org/2025/127
A Revision of CROSS Security: Proofs and Attacks for Multi-Round Fiat-Shamir Signatures
https://eprint.iacr.org/2025/127
[2] Michele Battagliola, Riccardo Longo, Federico Pintore, Edoardo Signorini, and Giovanni Tognolini
Security of Fixed-Weight Repetitions of Special-Sound Multi-Round Proofs
Security of Fixed-Weight Repetitions of Special-Sound Multi-Round Proofs
Reply all
Reply to author
Forward
0 new messages