# Lattice Signatures and Bimodal Gaussians

@article{Ducas2013LatticeSA, title={Lattice Signatures and Bimodal Gaussians}, author={L{\'e}o Ducas and Alain Durmus and Tancr{\`e}de Lepoint and Vadim Lyubashevsky}, journal={IACR Cryptol. ePrint Arch.}, year={2013}, volume={2013}, pages={383} }

Our main result is a construction of a lattice-based digital signature scheme that represents an improvement, both in theory and in practice, over today’s most efficient lattice schemes. The novel scheme is obtained as a result of a modification of the rejection sampling algorithm that is at the heart of Lyubashevsky’s signature scheme (Eurocrypt, 2012) and several other lattice primitives. Our new rejection sampling algorithm which samples from a bimodal Gaussian distribution, combined with a…

## 503 Citations

Improvement and Efficient Implementation of a Lattice-Based Signature Scheme

- Computer Science, Mathematics
- Selected Areas in Cryptography
- 2013

Experimental results show that GPV with the new trapdoor construction is competitive to the signature schemes that are currently used in practice, and how to improve the GPV scheme in terms of space and running time is shown.

Asymptotically Efficient Lattice-Based Digital Signatures

- Computer Science, Mathematics
- Journal of Cryptology
- 2017

This work presents a general framework that converts certain types of linear collision-resistant hash functions into one-time signatures, and gives a digital signature scheme with an essentially optimal performance/security trade-off.

A Lattice-Based Incremental Signature Scheme

- Computer Science, Mathematics
- IEEE Access
- 2019

The experimental results demonstrate that the incremental signature scheme is effective for signing a series of messages with many overlaps, and is proven secure against adaptive chosen-message attacks in the standard model, assuming the small integer solutions problem on lattices is intractable.

High-Speed Signatures from Standard Lattices

- Computer Science, Mathematics
- LATINCRYPT
- 2014

This work first refines the security analysis of the original work and proposes a new 128-bit secure parameter set chosen for software efficiency, and increases the acceptance probability of the signing algorithm through an improved rejection condition on the secret keys.

A signature scheme from Learning with Truncation

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2017

This paper revisits the modular lattice signature scheme and its efficient instantiation, and shows that by replacing the uniform sampling in pqNTRUSign with a bimodal Gaussian sampling, it can further reduce the size of a signature.

Practical Lattice-Based Digital Signature Schemes

- Computer Science, Mathematics
- ACM Trans. Embed. Comput. Syst.
- 2015

This article focuses on recent developments and the current state of the art in lattice-based digital signatures and provides a comprehensive survey discussing signature schemes with respect to practicality and discusses future research areas that are essential for the continued development of lattice-based cryptography.

An Efficient Lattice-Based Signature Scheme with Provably Secure Instantiation

- Computer Science, Mathematics
- AFRICACRYPT
- 2016

This paper provides a tight security reduction for the new scheme from the ring learning with errors problem which allows for provably secure and efficient instantiations, and presents experimental results obtained from a software implementation of the scheme.

Lattice-Based Linearly Homomorphic Signature Scheme over F2

- Computer Science, Mathematics
- Secur. Commun. Networks
- 2020

This paper uses uniform sampling of filtering technology to design the scheme, and then, it has a smaller public key size and signature size than the existing schemes and it can resist side-channel attacks.

Modular lattice signatures, revisited

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2019

It is shown that by replacing the uniform sampling in pqNTRUSign with a bimodal Gaussian sampling, the authors can further reduce the size of a signature and can now perform batch verification of messages signed by the same public key, which allows the verifier to check approximately 24 signatures in a single verification process.

Lattice-Based Signature Schemes and Their Sensitivity to Fault Attacks

- Computer Science, Mathematics
- 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC)
- 2016

This paper investigates the vulnerability and resistance of the currently most efficient lattice-based signature schemes BLISS, ring-TESLA, and the GLP scheme and their implementations and proposes countermeasures for each of the respective attacks.

## References

SHOWING 1-10 OF 60 REFERENCES

Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures

- Computer Science, Mathematics
- ASIACRYPT
- 2009

This work demonstrates how the framework that is used for creating efficient number-theoretic ID and signature schemes can be transferred into the setting of lattices and is able to shorten the length of the signatures that are produced by Girault's factoring-based digital signature scheme.

Lattice Signatures Without Trapdoors

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2011

This work provides an alternative method for constructing lattice-based digital signatures which does not use the "hash-and-sign" methodology, and shows that by slightly changing the parameters, one can get even more efficient signatures that are based on the hardness of the Learning With Errors problem.

Practical Lattice-Based Cryptography: A Signature Scheme for Embedded Systems

- Computer Science, Mathematics
- CHES
- 2012

This work presents a signature scheme whose security is derived from the hardness of lattice problems and is based on recent theoretical advances in lattice-based cryptography and is highly optimized for practicability and use in embedded systems.

Making NTRU as Secure as Worst-Case Problems over Ideal Lattices

- Computer Science, Mathematics
- EUROCRYPT
- 2011

This work shows how to modify NTRUEncrypt to make it provably secure in the standard model, under the assumed quantum hardness of standard worst-case lattice problems, restricted to a family of lattices related to some cyclotomic fields.

Trapdoors for hard lattices and new cryptographic constructions

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2007

A new notion of trapdoor function with preimage sampling, simple and efficient "hash-and-sign" digital signature schemes, and identity-based encryption are included.

Lattice-based Blind Signatures

- Computer Science, Mathematics
- Algorithms and Number Theory
- 2009

Using hard lattice problems, such as the shortest vector problem, as the basis of security has advantages over using the factoring or discrete logarithm problems, for instance, lattice operations are more efficient than modular exponentiation and lattice problems remain hard for quantum and subexponential-time adversaries.

Cryptanalysis of the Revised NTRU Signature Scheme

- Computer Science, Mathematics
- EUROCRYPT
- 2002

A three-stage attack against Revised NSS, an NTRU-based signature scheme, shows that a passive adversary observing only a few valid signatures can recover the signer's entire private key in polynomial time.

An Efficient and Parallel Gaussian Sampler for Lattices

- Computer Science, Mathematics
- CRYPTO
- 2010

To the authors' knowledge, this is the first algorithm and rigorous analysis demonstrating the security of a perturbation-like technique and a new Gaussian sampling algorithm for lattices that is efficient and highly parallelizable.

Lattice-Based Identification Schemes Secure Under Active Attacks

- Computer Science, Mathematics
- Public Key Cryptography
- 2008

This work constructs a 3-move identification scheme whose security is based on the worst-case hardness of the shortest vector problem in all lattices, and also presents a more efficient version based on the hardness of the same problem in ideal lattices.

Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2011

We give new methods for generating and using "strong trapdoors" in cryptographic lattices, which are simultaneously simple, efficient, easy to implement (even in parallel), and asymptotically optimal…