Popping “R-propping”: breaking hardness assumptions for matrix groups over F_{2^8}

ePrint Report: Popping “R-propping”: breaking hardness assumptions for matrix groups over F_{2^8}

Fernando Virdia

A recent series of works (Hecht, IACR ePrint, 2020–2021) propose to build post-quantum public-key encapsulation, digital signatures, group key agreement and oblivious transfer from "R-propped" variants of the Symmetrical Decomposition and Discrete Logarithm problems for matrix groups over $\mathbb{F}_{2^8}$. We break all four proposals by presenting a linearisation attack on the Symmetrical Decomposition platform, a forgery attack on the signature scheme, and a demonstration of the …

breaking build digital digital signatures eprint report key matrix oblivious post-quantum problems public quantum report series signatures transfer