An Efficient Lattice-Based Signature Scheme with Provably Secure Instantiation

Authors: Sedat Akleylek, Nina Bindel, Johannes A. Buchmann, Juliane Krämer, Giorgia Azzurra Marson
Published in: IACR Cryptol. ePrint Arch.
In view of the expected progress in cryptanalysis it is important to find alternatives for currently used signature schemes such as RSA and ECDSA. [...] Key Result: They show that our scheme, when provably secure instantiated, performs comparably with BLISS and the GLP scheme.
Lattice signatures using NTRU on the hardness of worst-case ideal lattice problems
The authors propose an alternative lattice-based signature scheme on the Fiat-Shamir framework over the ring $\mathbb{Z}[x]/(x^n + 1)$ which is provably secure based on the hardness of the Ring SIS problem in the random oracle model.
Lattice-Based Signature Schemes and Their Sensitivity to Fault Attacks
This paper investigates the vulnerability and resistance of the currently most efficient lattice-based signature schemes BLISS, ring-TESLA, and the GLP scheme and their implementations and proposes countermeasures for each of the respective attacks.
The Lattice-Based Digital Signature Scheme qTESLA
We present qTESLA, a post-quantum provably-secure digital signature scheme that exhibits several attractive features such as simplicity, strong security guarantees against quantum adversaries, and
Design of lattice‐based ElGamal encryption and signature schemes using SIS problem
This work presents a lattice‐based version of discrete logarithm problem‐based ElGamal public‐key encryption and signature schemes that exhibit strong security features and efficient implementation and shows that the presented schemes are well protected in the modern computing environment.
Compact and provably secure lattice-based signatures in hardware
The first hardware design of the provably secure Ring-LWE digital signature scheme, Ring-TESLA, is presented, targeting a Xilinx Spartan-6 FPGA and can achieve between 104–785 signatures and 102–776 verifications per second.
Comparing apples with apples: performance analysis of lattice-based authenticated key exchange protocols
This paper compares existing lattice-based authenticated key exchange protocols, generic and direct, and finds that the instantiation of the AKE by Peikert (PQCrypto, 2014) is the most efficient lattice-based AKE.
GLYPH: A New Instantiation of the GLP Digital Signature Scheme
A. Chopra · Computer Science · IACR Cryptol. ePrint Arch. · 2017
GLYPH is proposed, a new instantiation of GLP, parametrised for 128 bits of security under the very conservative assumptions proposed in [2], which gives a strong assurance that it will be secure against forgery even if there are further developments in lattice cryptanalysis.
To BLISS-B or not to be: Attacking strongSwan's Implementation of Post-Quantum Signatures
A new side-channel key-recovery algorithm is presented against both the original BLISS and the BLISS-B variant, and it is shown that cache attacks on post-quantum cryptography are not only possible, but also practical.
A provably secure code‐based short signature scheme and its nontransferable variant
A provably secure short designated verifier signature scheme, a nontransferable form of short signatures, which is used in electronic voting and deniable authentication protocols, and can be used as a building block to construct short code‐based signature schemes with special properties.


TESLA: Tightly-Secure Efficient Signatures from Standard Lattices
This work proves the lattice-based signature scheme TESLA to be tightly secure based on the learning with errors problem over lattices in the random-oracle model, and improves the security of the original proposal by Bai and Galbraith twofold: the security reduction is tightened and the underlying security assumptions are minimized.
Lattice Signatures Without Trapdoors
This work provides an alternative method for constructing lattice-based digital signatures which does not use the "hash-and-sign" methodology, and shows that by slightly changing the parameters, one can get even more efficient signatures that are based on the hardness of the Learning With Errors problem.
Lattice Signatures and Bimodal Gaussians
A construction of a lattice-based digital signature scheme that represents an improvement over today’s most efficient lattice schemes and has shorter signature and public key sizes than all previously proposed lattice signature schemes.
High-Speed Signatures from Standard Lattices
This work first refines the security analysis of the original work and proposes a new 128-bit secure parameter set chosen for software efficiency, and increases the acceptance probability of the signing algorithm through an improved rejection condition on the secret keys.
Efficiency improvements for signature schemes with tight security reductions
Two approaches are shown which improve both the computational efficiency and signature length of some recently-proposed schemes: Diffie-Hellman signatures and PSS-R, a version of PSS with message recovery with optimal message length.
Tightly Secure Signatures From Lossy Identification Schemes
A general transformation is presented that converts what the authors term lossy identification schemes into signature schemes with tight security reductions that greatly simplifies the task of constructing and proving the security of such signature schemes.
High Performance Lattice-based CCA-secure Encryption
This paper gives a thorough security analysis as well as an efficient implementation of the CCA1-secure encryption scheme instantiated with the most efficient trapdoor construction and attests that it even outperforms the CPA-secure encryption scheme from Lindner and Peikert presented at CT-RSA 2011.
Practical Lattice-Based Cryptography: A Signature Scheme for Embedded Systems
This work presents a signature scheme whose security is derived from the hardness of lattice problems and is based on recent theoretical advances in lattice-based cryptography and is highly optimized for practicability and use in embedded systems.
Solving BDD by Enumeration: An Update
This work shows that any security estimate of BDD-based cryptosystems must take into account enumeration attacks, and that BDD enumeration can be practical even in high dimension like 350, and obtain significant improvements upon Lindner-Peikert's Search-LWE algorithm.
The Exact Security of Digital Signatures - How to Sign with RSA and Rabin
An RSA-based signing scheme which combines essentially optimal efficiency with attractive security properties and a second scheme which maintains all of the above features and in addition provides message recovery is provided.