On the security of two blind signatures from code equivalence problems

Valerie Gilchrist; Laurane Marco; Christophe Petit; Gang Tang

doi:10.62056/aesg893y6

On the security of two blind signatures from code equivalence problems

Valerie Gilchrist
, Laurane Marco
, Christophe Petit
, Gang Tang

Computer Science

Research output: Contribution to journal › Article › peer-review

Abstract

The Linear Code Equivalence (LCE) problem and the Matrix Code Equivalence (MCE) problem are two examples of code-based hard problems that have gained attention as candidates for use in post-quantum cryptography. They are straightforward to implement, can be viewed as group actions, and offer a good trade-off between compactness and performance in the realm of post-quantum group actions.

With the community gaining confidence in the security of these problems, new variants of these problems have been introduced to achieve particular functionalities in advanced protocols or efficiency improvements. A natural question is then whether the problem variants are as secure as the original ones.

In this work, we consider three problem variants of LCE or MCE. We first consider a variant based on LCE, and reduce it to the original LCE assumption. This problem was presented in a prior version of the blind signature scheme, proposed by Duong, Khuc, Qiao, Susilo and Zhang. Second, we analyse an MCE variant, MIMCE, proposed in the context of another blind signature scheme, by Kutcha, Legrow and Persichetti, and show that the parameters proposed are not sufficient to reach the claimed bit security. Finally, we consider a multi-sample version of MIMCE which we solve in polynomial time.

Original language	English
Number of pages	24
Journal	IACR Communications in Cryptology
Volume	2
Issue number	4
DOIs	https://doi.org/10.62056/aesg893y6
Publication status	Published - 8 Jan 2026

Access to Document

10.62056/aesg893y6Licence: Creative Commons: Attribution (CC BY)

GilchristV2026SecurityFinal published version, 634 KBLicence: Creative Commons: Attribution (CC BY)

Post-Quantum Cryptography: a Cryptanalysis Approach
Petit, C. (Principal Investigator)
Engineering & Physical Science Research Council
1/10/21 → 31/03/27
Project: Research Councils

Cite this

@article{fb964a6875f848d4ba57e1d8fd06fe18,

title = "On the security of two blind signatures from code equivalence problems",

abstract = "The Linear Code Equivalence (LCE) problem and the Matrix Code Equivalence (MCE) problem are two examples of code-based hard problems that have gained attention as candidates for use in post-quantum cryptography. They are straightforward to implement, can be viewed as group actions, and offer a good trade-off between compactness and performance in the realm of post-quantum group actions. With the community gaining confidence in the security of these problems, new variants of these problems have been introduced to achieve particular functionalities in advanced protocols or efficiency improvements. A natural question is then whether the problem variants are as secure as the original ones. In this work, we consider three problem variants of LCE or MCE. We first consider a variant based on LCE, and reduce it to the original LCE assumption. This problem was presented in a prior version of the blind signature scheme, proposed by Duong, Khuc, Qiao, Susilo and Zhang. Second, we analyse an MCE variant, MIMCE, proposed in the context of another blind signature scheme, by Kutcha, Legrow and Persichetti, and show that the parameters proposed are not sufficient to reach the claimed bit security. Finally, we consider a multi-sample version of MIMCE which we solve in polynomial time.",

author = "Valerie Gilchrist and Laurane Marco and Christophe Petit and Gang Tang",

year = "2026",

month = jan,

day = "8",

doi = "10.62056/aesg893y6",

language = "English",

volume = "2",

journal = "IACR Communications in Cryptology",

issn = "3006-5496",

number = "4",

}

TY - JOUR

T1 - On the security of two blind signatures from code equivalence problems

AU - Gilchrist, Valerie

AU - Marco, Laurane

AU - Petit, Christophe

AU - Tang, Gang

PY - 2026/1/8

Y1 - 2026/1/8

N2 - The Linear Code Equivalence (LCE) problem and the Matrix Code Equivalence (MCE) problem are two examples of code-based hard problems that have gained attention as candidates for use in post-quantum cryptography. They are straightforward to implement, can be viewed as group actions, and offer a good trade-off between compactness and performance in the realm of post-quantum group actions. With the community gaining confidence in the security of these problems, new variants of these problems have been introduced to achieve particular functionalities in advanced protocols or efficiency improvements. A natural question is then whether the problem variants are as secure as the original ones. In this work, we consider three problem variants of LCE or MCE. We first consider a variant based on LCE, and reduce it to the original LCE assumption. This problem was presented in a prior version of the blind signature scheme, proposed by Duong, Khuc, Qiao, Susilo and Zhang. Second, we analyse an MCE variant, MIMCE, proposed in the context of another blind signature scheme, by Kutcha, Legrow and Persichetti, and show that the parameters proposed are not sufficient to reach the claimed bit security. Finally, we consider a multi-sample version of MIMCE which we solve in polynomial time.

AB - The Linear Code Equivalence (LCE) problem and the Matrix Code Equivalence (MCE) problem are two examples of code-based hard problems that have gained attention as candidates for use in post-quantum cryptography. They are straightforward to implement, can be viewed as group actions, and offer a good trade-off between compactness and performance in the realm of post-quantum group actions. With the community gaining confidence in the security of these problems, new variants of these problems have been introduced to achieve particular functionalities in advanced protocols or efficiency improvements. A natural question is then whether the problem variants are as secure as the original ones. In this work, we consider three problem variants of LCE or MCE. We first consider a variant based on LCE, and reduce it to the original LCE assumption. This problem was presented in a prior version of the blind signature scheme, proposed by Duong, Khuc, Qiao, Susilo and Zhang. Second, we analyse an MCE variant, MIMCE, proposed in the context of another blind signature scheme, by Kutcha, Legrow and Persichetti, and show that the parameters proposed are not sufficient to reach the claimed bit security. Finally, we consider a multi-sample version of MIMCE which we solve in polynomial time.

UR - https://cic.iacr.org/

U2 - 10.62056/aesg893y6

DO - 10.62056/aesg893y6

M3 - Article

SN - 3006-5496

VL - 2

JO - IACR Communications in Cryptology

JF - IACR Communications in Cryptology

IS - 4

ER -

On the security of two blind signatures from code equivalence problems

Abstract

Access to Document

Fingerprint

Projects

Post-Quantum Cryptography: a Cryptanalysis Approach

Cite this