An Efficient Lattice-Based Signature Scheme with Provably Secure Instantiation

In view of the expected progress in cryptanalysis, it is important to find alternatives for currently used signature schemes such as RSA and ECDSA. The most promising lattice-based signature schemes to replace these schemes are BLISS (CRYPTO 2013) and GLP (CHES 2012). Both come with a security reduction from a lattice problem and have high performance. However, their parameters are not chosen according to the security reduction provided, i.e., the instantiation is not provably secure. In this paper, we present the first lattice-based signature scheme with good performance when instantiated in a provably secure way. To this end, we provide a tight security reduction for the new scheme from the ring learning with errors problem, which allows for provably secure and efficient instantiations. We present experimental results obtained from a software implementation of our scheme. They show that our scheme, when instantiated in a provably secure way, performs comparably with BLISS and the GLP scheme.
