Cross-Paradigm Models of Restricted Syndrome Decoding with Application to CROSS

TL;DR

This paper introduces new methods to solve Restricted Syndrome Decoding, impacting the security analysis of the CROSS post-quantum signature scheme by reducing it to known problems.

Contribution

It presents a novel approach to relate ResSD solutions to structured vectors in codes and lattices, enhancing attack strategies and security understanding.

Findings

Effective reduction of ResSD to code-based and lattice-based problems

Theoretical and experimental evaluation on CROSS instances

Increased attack surface for the CROSS scheme

Abstract

Restricted Syndrome Decoding (ResSD) is a variant of linear code decoding problem where each of the error's entries must belong to a fixed small set of values. This problem underlies the security of CROSS, a post-quantum signature scheme that is one of the Round 2 candidates of NIST's ongoing additional signatures call. We show that solutions to this problem can be deduced from vectors of a particular structure and a small norm in newly constructed codes, in both Hamming and Euclidean metrics. This allows us to reduce Restricted Syndrome Decoding to both code-based (Regular Syndrome Decoding) and lattice-based problems (Closest Vector Problem, List of Short/Close Vectors), increasing the attack surface and providing new insights into the security of ResSD. We evaluate our attacks on CROSS instances both theoretically and experimentally on reduced parameters.