GLYPH: A New Insantiation of the GLP Digital Signature Scheme

In 2012 Güneysu, et al. proposed GLP, a practical and efficient post-quantum digital signature scheme based on the computational hardness of the Ring Learning With Errors problem. It has some advantages over more recent efficient post-quantum digital signature proposals such as BLISS and Ring-TESLA, but Ring Learning With Errors hardness is more fully understood now than when GLP was published a half decade ago. Although not broken, GLP as originally proposed is no longer considered to offer strong levels of security. We propose GLYPH, a new instantiation of GLP, parametrised for 128 bits of security under the very conservative assumptions proposed in [2], which gives a strong assurance that it will be secure against forgery even if there are further developments in lattice cryptanalysis. Parameters to obtain this strong security level in an efficient manner were not possible within the original formulation of GLP, as they are not compatible with a signature compression algorithm, and to address this we also propose a new form of the compression algorithm which works efficiently with wider ranges of parameters. We have produced a software implementation of GLYPH, and we place it in the public domain at github.com/quantumsafelattices/glyph.

[1]  Yuval Yarom,et al.  To BLISS-B or not to be: Attacking strongSwan's Implementation of Post-Quantum Signatures , 2017, IACR Cryptol. ePrint Arch..

[2]  Mehdi Tibouchi,et al.  Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing against strongSwan and Electromagnetic Emanations in Microcontrollers , 2017, CCS.

[3]  Paulo S. L. M. Barreto,et al.  Sharper Ring-LWE Signatures , 2016, IACR Cryptol. ePrint Arch..

[4]  Vikram Singh A Practical Key Exchange for the Internet using Lattice Cryptography , 2015, IACR Cryptol. ePrint Arch..

[5]  Erdem Alkim,et al.  Post-quantum Key Exchange - A New Hope , 2016, USENIX Security Symposium.

[6]  Vikram Singh,et al.  Even More Practical Key Exchanges for the Internet using Lattice Cryptography , 2015, IACR Cryptol. ePrint Arch..

[7]  Tanja Lange,et al.  Flush, Gauss, and reload : a cache attack on the BLISS lattice-based signature scheme , 2016 .

[8]  Tim Güneysu,et al.  Practical Lattice-Based Cryptography: A Signature Scheme for Embedded Systems , 2012, CHES.

[9]  Arjun Chopra,et al.  Improved Parameters for the Ring-TESLA Digital Signature Scheme , 2016, IACR Cryptol. ePrint Arch..

[10]  Craig Costello,et al.  Post-Quantum Key Exchange for the TLS Protocol from the Ring Learning with Errors Problem , 2015, 2015 IEEE Symposium on Security and Privacy.

[11]  Léo Ducas,et al.  Lattice Signatures and Bimodal Gaussians , 2013, IACR Cryptol. ePrint Arch..

[12]  Martin R. Albrecht,et al.  On the concrete hardness of Learning with Errors , 2015, J. Math. Cryptol..

[13]  Sedat Akleylek,et al.  An Efficient Lattice-Based Signature Scheme with Provably Secure Instantiation , 2016, AFRICACRYPT.