Lattice Signatures and Bimodal Gaussians

@article{Ducas2013LatticeSA,
  title={Lattice Signatures and Bimodal Gaussians},
  author={L{\'e}o Ducas and Alain Durmus and Tancr{\`e}de Lepoint and Vadim Lyubashevsky},
  journal={IACR Cryptol. ePrint Arch.},
  year={2013},
  volume={2013},
  pages={383}
}
Our main result is a construction of a lattice-based digital signature scheme that represents an improvement, both in theory and in practice, over today’s most efficient lattice schemes. The novel scheme is obtained as a result of a modification of the rejection sampling algorithm that is at the heart of Lyubashevsky’s signature scheme (Eurocrypt, 2012) and several other lattice primitives. Our new rejection sampling algorithm which samples from a bimodal Gaussian distribution, combined with a… 

Improvement and Efficient Implementation of a Lattice-Based Signature Scheme

TLDR
Experimental results show that GPV with the new trapdoor construction is competitive to the signature schemes that are currently used in practice, and how to improve the GPV scheme in terms of space and running time is shown.

Asymptotically Efficient Lattice-Based Digital Signatures

TLDR
This work presents a general framework that converts certain types of linear collision-resistant hash functions into one-time signatures, and gives a digital signature scheme with an essentially optimal performance/security trade-off.

A Lattice-Based Incremental Signature Scheme

TLDR
The experimental results demonstrate that the incremental signature scheme is effective for signing a series of messages with many overlaps, and is proven secure against adaptive chosen-message attacks in the standard model, assuming the small integer solutions problem on lattices is intractable.

High-Speed Signatures from Standard Lattices

TLDR
This work first refines the security analysis of the original work and proposes a new 128-bit secure parameter set chosen for software efficiency, and increases the acceptance probability of the signing algorithm through an improved rejection condition on the secret keys.

Practical Lattice-Based Digital Signature Schemes

TLDR
This article focuses on recent developments and the current state of the art in lattice-based digital signatures and provides a comprehensive survey discussing signature schemes with respect to practicality and discusses future research areas that are essential for the continued development of lattice-based cryptography.

An Efficient Lattice-Based Signature Scheme with Provably Secure Instantiation

TLDR
This paper provides a tight security reduction for the new scheme from the ring learning with errors problem which allows for provably secure and efficient instantiations, and presents experimental results obtained from a software implementation of the scheme.

Lattice-Based Linearly Homomorphic Signature Scheme over F2

TLDR
This paper uses uniform sampling of filtering technology to design the scheme, and then, it has a smaller public key size and signature size than the existing schemes and it can resist side-channel attacks.

Modular lattice signatures, revisited

TLDR
It is shown that by replacing the uniform sampling in pqNTRUSign with a bimodal Gaussian sampling, the authors can further reduce the size of a signature and can now perform batch verification of messages signed by the same public key, which allows the verifier to check approximately 24 signatures in a single verification process.

Lattice-Based Signature Schemes and Their Sensitivity to Fault Attacks

TLDR
This paper investigates the vulnerability and resistance of the currently most efficient lattice-based signature schemes BLISS, ring-TESLA, and the GLP scheme and their implementations and proposes countermeasures for each of the respective attacks.

Short lattice signatures with constant-size public keys

TLDR
This paper proposes a new method for constructing short lattice signatures with constant-size public keys in the standard model, and introduces a new hard lattice problem, called variant small integer solution (Variant-SIS), and gives the security reduction from small integer solution to Variant-SIS.

References

SHOWING 1-10 OF 60 REFERENCES

Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures

TLDR
This work demonstrates how the framework that is used for creating efficient number-theoretic ID and signature schemes can be transferred into the setting of lattices and is able to shorten the length of the signatures that are produced by Girault's factoring-based digital signature scheme.

Lattice Signatures Without Trapdoors

TLDR
This work provides an alternative method for constructing lattice-based digital signatures which does not use the "hash-and-sign" methodology, and shows that by slightly changing the parameters, one can get even more efficient signatures that are based on the hardness of the Learning With Errors problem.

Making NTRU as Secure as Worst-Case Problems over Ideal Lattices

TLDR
This work shows how to modify NTRUEncrypt to make it provably secure in the standard model, under the assumed quantum hardness of standard worst-case lattice problems, restricted to a family of lattices related to some cyclotomic fields.

Trapdoors for hard lattices and new cryptographic constructions

TLDR
A new notion of trapdoor function with preimage sampling, simple and efficient "hash-and-sign" digital signature schemes, and identity-based encryption are included.

Lattice-based Blind Signatures

  • M. Rückert
  • Computer Science, Mathematics
    Algorithms and Number Theory
  • 2009
TLDR
Using hard lattice problems, such as the shortest vector problem, as the basis of security has advantages over using the factoring or discrete logarithm problems, for instance, lattice operations are more efficient than modular exponentiation and lattice problems remain hard for quantum and subexponential-time adversaries.

Cryptanalysis of the Revised NTRU Signature Scheme

TLDR
A three-stage attack against Revised NSS, an NTRU-based signature scheme, shows that a passive adversary observing only a few valid signatures can recover the signer's entire private key in polynomial time.

An Efficient and Parallel Gaussian Sampler for Lattices

TLDR
To the authors' knowledge, this is the first algorithm and rigorous analysis demonstrating the security of a perturbation-like technique and a new Gaussian sampling algorithm for lattices that is efficient and highly parallelizable.

Lattice-Based Identification Schemes Secure Under Active Attacks

TLDR
This work constructs a 3-move identification scheme whose security is based on the worst-case hardness of the shortest vector problem in all lattices, and also presents a more efficient version based on the hardness of the same problem in ideal lattices.

Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller

We give new methods for generating and using "strong trapdoors" in cryptographic lattices, which are simultaneously simple, efficient, easy to implement (even in parallel), and asymptotically optimal

Lattice-Based Cryptography

  • Daniele Micciancio
  • Computer Science, Mathematics
    Encyclopedia of Cryptography and Security
  • 2011
TLDR
This chapter describes some of the recent progress in lattice-based cryptography, which holds a great promise for post-quantum cryptography, as they enjoy very strong security proofs based on worst-case hardness, relatively efficient implementations, as well as great simplicity.