Evaluation and comparison of lattice-based digital signatures of the "Digital Signature Schemes" PQC NIST competition
DOI: https://doi.org/10.30837/rt.2024.2.217.06
Keywords: post-quantum cryptography, signature scheme, digital signature, lattice-based cryptography, NIST PQC
Abstract
Over the past decade, post-quantum cryptography has reached a tipping point: standards bodies and stakeholders have begun standardization and deployment, and several projects have reached a high level of maturity, including real deployments. In July 2022, at the end of Round 3 of the NIST PQC competition, three candidates were selected for standardization as post-quantum digital signature schemes: one based on MLWE (CRYSTALS-Dilithium), one based on NTRU lattices (Falcon), and one hash-based scheme (SPHINCS+). Although the performance profiles and "black-box" security of these schemes are well understood, resistance to side-channel attacks remains a weak point for all of them. NIST then announced that the PQC standardization process would continue with a fourth round in which the following KEMs remained under consideration: BIKE, Classic McEliece, HQC, and SIKE; no digital signature candidates were left for consideration. NIST therefore issued a call for additional digital signature proposals to be considered in the PQC standardization process. Submissions closed on June 1, 2023. As a result, 40 candidates were accepted into the first round of the additional DS process: 6 code-based DS algorithms, one isogeny-based DS algorithm, 7 lattice-based DS algorithms, 7 DS algorithms based on the MPC-in-the-Head method, 10 algorithms based on multivariate transformations, 4 DS schemes based on symmetric cryptographic transformations, and 5 more candidates based on other types of cryptographic transformations. NIST is primarily interested in additional general-purpose signature schemes that are not based on structured lattices. For certain applications, such as certificate transparency, NIST may also be interested in signature schemes with short signatures and fast verification.
NIST is open to receiving additional submissions based on structured lattices but intends to diversify its post-quantum signature standards. Therefore, any structured-lattice-based signature proposal would need to significantly outperform CRYSTALS-Dilithium and FALCON in relevant applications and/or provide significant additional security properties in order to be considered for standardization. The purpose of this paper is thus to analyze, evaluate, and compare the lattice-based digital signature algorithms submitted to the additional NIST PQC signature competition, and to compare them with the already standardized lattice-based DS mechanisms CRYSTALS-Dilithium and FALCON.
License
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).