Software Speed Records for Lattice-Based Signatures

Novel public-key cryptosystems beyond RSA and ECC are urgently required to ensure long-term security in the era of quantum computing. The most critical issue in the construction of such cryptosystems is to achieve security and practicability at the same time. Recently, lattice-based constructions were proposed that combine both properties, such as the lattice-based digital signature scheme presented at CHES 2012. In this work, we present a first highly-optimized SIMD-based software implementation of that signature scheme targeting Intel's Sandy Bridge and Ivy Bridge microarchitectures. This software computes a signature in only 634988 cycles on average on an Intel Core i5-3210M (Ivy Bridge) processor. Signature verification takes only 45036 cycles. This performance is achieved with full protection against timing attacks.
