SFLASH fully broken

Vivien Dubois (ENS), Pierre-Alain Fouque (ENS), Adi Shamir (Weizmann & ENS), and Jacques Stern (ENS) have broken SFLASH. SFLASH is a multivariate signature scheme designed by Nicolas Courtois, Louis Goubin and Jacques Patarin. It is recommended in the final report of the NESSIE project; albeit only for resource-constrained devices. The article does not seem to be public yet, its title is Cryptanalysis of the SFLASH family of signature schemes (excerpt from ECRYPT newsletter):

We are able to break all C*- schemes.
It allows to forge a signature for an arbitrary message in a few minutes for practical parameters, using only the public key. The attack has been fully implemented and can break SFLASH v2 which has been accepted by NESSIE, as well as SFLASH v3 which has been also proposed by the designers.

This result was also announced by Jacques Stern during the ASIACRYPT 2006 rump session on December 5th, 2006. Rest in Peace, C*-.

Leave a Reply