Lattice‐based hash‐and‐sign signatures using approximate trapdoor, revisited
Abstract For the purpose of improving the efficiency of the cryptosystems built upon lattice trapdoors, Chen, Genise and Mukherjee at ASIACRYPT 2019 modified the gadget trapdoor (G‐trapdoor) to an approximate trapdoor, which enables one to sample short preimages approximately from a discrete Gaussia...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2022-01-01
|
| Series: | IET Information Security |
| Subjects: | |
| Online Access: | https://doi.org/10.1049/ise2.12039 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832546645189853184 |
|---|---|
| author | Huiwen Jia Yupu Hu Chunming Tang |
| author_facet | Huiwen Jia Yupu Hu Chunming Tang |
| author_sort | Huiwen Jia |
| collection | DOAJ |
| description | Abstract For the purpose of improving the efficiency of the cryptosystems built upon lattice trapdoors, Chen, Genise and Mukherjee at ASIACRYPT 2019 modified the gadget trapdoor (G‐trapdoor) to an approximate trapdoor, which enables one to sample short preimages approximately from a discrete Gaussian distribution. The implementation shows that the sizes of the hash‐and‐sign signature scheme can be reduced to 3.67 kB for an estimation of 81.67‐bit security, and 9.97 kB for an estimation of 168.81‐bit security. In this study, the spherical sampling method is adapted to the non‐spherical setting, without leaking any information about the trapdoor. Due to the fact that the signature size and the concrete security are closely related to the Gaussian parameter of the sampling algorithm, this technique provides a tradeoff between them. Specifically, two modes of parameters were set up for different goals. (a) Mode 1 admits to achieve the ‘win–win’ scenario, that is, gain concrete security and simultaneously reduce the signature size. Our proof‐of‐concept implementation shows that for an estimation of 94.5‐ and 185.88‐bit security, the signature sizes can be reduced to 3.3 and 6.98 kB. (b) Mode 2 aims mainly to further reduce the signature sizes, without a decrease in the security level. The implementation shows that the signature size can be reduced to 2.35 kB for an estimation of 81.67‐bit security, and 5.75 kB for an estimation of 168.82‐bit security. |
| format | Article |
| id | doaj-art-11bdbc61a3434842b9eead64542a82de |
| institution | Kabale University |
| issn | 1751-8709 1751-8717 |
| language | English |
| publishDate | 2022-01-01 |
| publisher | Wiley |
| record_format | Article |
| series | IET Information Security |
| spelling | doaj-art-11bdbc61a3434842b9eead64542a82de2025-02-03T06:47:37ZengWileyIET Information Security1751-87091751-87172022-01-01161415010.1049/ise2.12039Lattice‐based hash‐and‐sign signatures using approximate trapdoor, revisitedHuiwen Jia0Yupu Hu1Chunming Tang2Key Laboratory of Information Security Guangzhou University Guangzhou ChinaState Key Laboratory of Integrated Service Networks Xidian University Xi’an ChinaKey Laboratory of Information Security Guangzhou University Guangzhou ChinaAbstract For the purpose of improving the efficiency of the cryptosystems built upon lattice trapdoors, Chen, Genise and Mukherjee at ASIACRYPT 2019 modified the gadget trapdoor (G‐trapdoor) to an approximate trapdoor, which enables one to sample short preimages approximately from a discrete Gaussian distribution. The implementation shows that the sizes of the hash‐and‐sign signature scheme can be reduced to 3.67 kB for an estimation of 81.67‐bit security, and 9.97 kB for an estimation of 168.81‐bit security. In this study, the spherical sampling method is adapted to the non‐spherical setting, without leaking any information about the trapdoor. Due to the fact that the signature size and the concrete security are closely related to the Gaussian parameter of the sampling algorithm, this technique provides a tradeoff between them. Specifically, two modes of parameters were set up for different goals. (a) Mode 1 admits to achieve the ‘win–win’ scenario, that is, gain concrete security and simultaneously reduce the signature size. Our proof‐of‐concept implementation shows that for an estimation of 94.5‐ and 185.88‐bit security, the signature sizes can be reduced to 3.3 and 6.98 kB. (b) Mode 2 aims mainly to further reduce the signature sizes, without a decrease in the security level. The implementation shows that the signature size can be reduced to 2.35 kB for an estimation of 81.67‐bit security, and 5.75 kB for an estimation of 168.82‐bit security.https://doi.org/10.1049/ise2.12039sampling methodsdigital signaturescryptographyGaussian distribution |
| spellingShingle | Huiwen Jia Yupu Hu Chunming Tang Lattice‐based hash‐and‐sign signatures using approximate trapdoor, revisited IET Information Security sampling methods digital signatures cryptography Gaussian distribution |
| title | Lattice‐based hash‐and‐sign signatures using approximate trapdoor, revisited |
| title_full | Lattice‐based hash‐and‐sign signatures using approximate trapdoor, revisited |
| title_fullStr | Lattice‐based hash‐and‐sign signatures using approximate trapdoor, revisited |
| title_full_unstemmed | Lattice‐based hash‐and‐sign signatures using approximate trapdoor, revisited |
| title_short | Lattice‐based hash‐and‐sign signatures using approximate trapdoor, revisited |
| title_sort | lattice based hash and sign signatures using approximate trapdoor revisited |
| topic | sampling methods digital signatures cryptography Gaussian distribution |
| url | https://doi.org/10.1049/ise2.12039 |
| work_keys_str_mv | AT huiwenjia latticebasedhashandsignsignaturesusingapproximatetrapdoorrevisited AT yupuhu latticebasedhashandsignsignaturesusingapproximatetrapdoorrevisited AT chunmingtang latticebasedhashandsignsignaturesusingapproximatetrapdoorrevisited |