A new key recovery attack on a code-based signature from the Lyubashevsky framework
Information Processing Letters (IF 0.5), Pub Date: 2023-06-13, DOI: 10.1016/j.ipl.2023.106422
Chik How Tan, Theo Fanuela Prabowo

In this paper, we present a new key recovery attack on a Hamming-metric code-based signature scheme proposed by Song, Huang, Mu, Wu, and Wang (SHMWW). Our attack extends the statistical part of the attack proposed by Aragon, Baldi, Deneuville, Khathuria, Persichetti, and Santini (ABDKPS). In addition to classifying the columns of the secret matrix, we also completely determine the entries of the identity columns of this matrix via a statistical method. While we need to collect more signatures, our attack has better time complexity, as it requires fewer than 2^32 and 2^35 operations to perform the attack for Para-1 and Para-2 respectively. This gives a tradeoff between the number of required signatures and the running time of the attack. In a simulation using a proof-of-concept Sagemath implementation, a total of no more than 1500 signatures is needed to launch the attack, which can completely recover the secret key in under 45 minutes. When performed in parallel, the attack may recover the secret key in less than 5 seconds.

Updated: 2023-06-13