1. Practical attacks against the Walnut digital signature scheme (2018, Asiacrypt; tags: Attacks, Cryptanalysis, PQC, Signatures)
    Ward Beullens and Simon R. Blackburn

    author = {Ward Beullens and Simon R. Blackburn},
    title = {Practical attacks against the Walnut digital signature scheme},
    howpublished = {Cryptology ePrint Archive, Report 2018/318},
    year = {2018},
    note = {\url{https://eprint.iacr.org/2018/318}},

Recently, NIST started the process of standardizing quantum-resistant public-key cryptographic algorithms. WalnutDSA, the subject of this paper, is one of the 20 proposed signature schemes that are being considered for standardization. Walnut relies on a one-way function called E-Multiplication, which has a rich algebraic structure. This paper shows that this structure can be exploited to launch several practical attacks against the Walnut cryptosystem. The attacks work very well in practice; it is possible to forge signatures and compute equivalent secret keys for the 128-bit and 256-bit security parameters submitted to NIST in less than a second and in less than a minute respectively.