Improved Parameters for the Ring-TESLA Digital Signature Scheme

Akleylek et al. have proposed Ring-TESLA, a practical and efficient digital signature scheme based on the Ring Learning With Errors problem. However, we have identified problems with the parameters proposed for Ring-TESLA: we believe they do not ensure the correct operation of the scheme and do not provide the targeted levels of security under either the provable Ring-TESLA reduction or an assessment of practical modern attacks such as lattice sieving. We recommend new Ring-TESLA parameters that target more security levels and provide for correct, secure, and efficient instantiation. We describe the necessary preliminaries, recap the Ring-TESLA scheme, and present our parameter recommendations, selection methodology, and analysis. We have implemented Ring-TESLA using our recommended parameters, and we place this software in the public domain.
