On the (in)security of optimized Stern-like signature schemes
Designs, Codes and Cryptography (IF 1.6), Pub Date: 2023-12-27, DOI: 10.1007/s10623-023-01329-y
André Chailloux, Simona Etinski

Stern’s signature scheme is a historically important code-based signature scheme. A crucial optimization of this scheme is to generate pseudo-random vectors and permutations instead of random ones, and most proposals that are based on Stern’s signature use this optimization. However, its security has not been properly analyzed, especially when we use deterministic commitments. In this article, we study the security of this optimization. We first show that for some parameters, there is an attack that exploits this optimization and breaks the scheme in time \(O(2^{\frac{\lambda}{2}})\) while the claimed security is \(\lambda\) bits. This impacts in particular the recent Quasi-cyclic Stern signature scheme (Bidoux et al. in: IEEE international symposium on information theory (ISIT), IEEE Press, Piscataway, 2022). Our second result shows that there is an efficient fix to this attack. By adding a string \(salt \in \{0,1\}^{2\lambda}\) to the scheme, and changing slightly how the pseudo-random strings are generated, we prove not only that our attack doesn’t work but that for any attack, the scheme preserves \(\lambda\) bits of security, and this fix increases the total signature size by only \(2\lambda\) bits. We apply this construction to other optimizations on Stern’s signature scheme, such as the use of Lee’s metric or the use of hash trees, and we show how these optimizations improve the signature length of Stern’s signature scheme.




Updated: 2023-12-28