Improving the Security of the DRS Scheme with Uniformly Chosen Random Noise

Sipasseuth, Arnaud; Plantard, Thomas; Susilo, Willy

doi:10.1007/978-3-030-21548-4_7

Cited by 5 publications

(6 citation statements)

References 24 publications

(41 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our work provides an alternative to verify lattice signatures if the need arises, showing an interesting trade-off between pre-computation time for signature verification time and memory storage. In this work, we show that by adopting our approach to the proposed DRS parameters [27], we gain a factor of 20 on the verification speed. We also provide another approach on an attack specifically to our modification as the security of our public key remains unchanged.…”

Section: Introductionmentioning

confidence: 80%

“…The original idea behind DRS stemmed from when Plantard, Susilo and Win [22] suggested to use a diagonal dominant matrix to reduce large message vectors to short signatures within a known hypercube as a countermeasure against parallelogram detection attacks [18]. The security of the scheme has been shown to be reduced by a machine learning method [28] and since then it has been modified to resist against this attack at the cost of a slower secret key generation [27]. We will briefly describe both keys, the signature and the verification, the latter being the only part affected by this work.…”

Section: Drs and Its Verification Algorithmmentioning

confidence: 99%

“…We will briefly describe both keys, the signature and the verification, the latter being the only part affected by this work. The secret diagonal dominant matrix (as defined in [7]) S key is generated using the work in [27]). The public key P key is generated by the multiplication of P key = S key × U with U unimodular and randomly taken such that P key ∞ < 2 63 .…”

Section: Drs and Its Verification Algorithmmentioning

confidence: 99%

See 2 more Smart Citations

Using Freivalds’ Algorithm to Accelerate Lattice-Based Signature Verifications

Sipasseuth

Plantard

Susilo

2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

© Springer Nature Switzerland AG, 2019. We present a novel computational technique to check whether a matrix-vector product is correct with a relatively high probability. While the idea could be related to verifiable delegated computations, most of the literature in this line of work focuses on provably secure functional aspects and do not provide clear computational techniques to verify whether a product $$xA = y$$ is correct where x, A and y are not given nor computed by the party which requires validity checking: this is typically the case for some cryptographic lattice-based signature schemes. This paper focuses on the computational aspects and the improvement on both speed and memory when implementing such a verifier, and use a practical example: the Diagonal Reduction Signature (DRS) scheme as it was one of the candidates in the recent National Institute of Standards and Technology Post-Quantum Cryptography Standardization Calls for Proposals competition. We show that in the case of DRS, we can gain a factor of 20 in verification speed.

show abstract

Section: Introductionmentioning

confidence: 80%

Section: Drs and Its Verification Algorithmmentioning

confidence: 99%

Section: Drs and Its Verification Algorithmmentioning

confidence: 99%

See 1 more Smart Citation

Using Freivalds’ Algorithm to Accelerate Lattice-Based Signature Verifications

Sipasseuth

Plantard

Susilo

2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Notice that our generator parameters scale very well when we aim to increase combination security: jumping from λ = 128-bits of security to λ = 256 often requires less than doubling the amount d of vectors. In practice, recommended lattice dimensions tend to change with λ so a reevaluation of optimal parameters (d, k) is d, k) compared to the prime approach of [44] for [43], leading to smaller memory requirements for [43], less precomputations and faster verification:…”

Section: Practical Parameters and Application To [44]mentioning

confidence: 99%

Fast verification and public key storage optimization for unstructured lattice-based signatures

et al. 2023

Self Cite

View full text Add to dashboard Cite

A recent work of Sipasseuth, Plantard and Susilo proposed to accelerate lattice-based signature verifications and compress public key storage at the cost of a precomputation on a public key. This first approach, which focused on a restricted type of key, did not include most NIST candidates, or most lattice representations in general. In this work, we first present a way to improve even further both their verification speed and their public key compression capability by using a generator of numbers that better suit the method needs. We then also generalize their framework to apply to q-ary lattice schemes as well as classical lattices using Hermite Normal Form, improving their security and applicable scope, thus exhibiting potential trade-offs to accelerate lattice-based signature verification in general and compression of the public key on the verifier side for unstructured lattices.

show abstract

“…It is possible that the leak found by Yu and Ducas can be patched by modifying the signing algorithm without modifying the noise as we did. As of November 2019, an extended version of [16] available in [16] reduces the security of our original contribution [44]. While the updated attack is clearly not as strong as the previous attack, it still provides further motivation to deepen the research.…”

Section: Property 1 (Hardness Of Drs Key Recovery)mentioning

confidence: 99%

A Noise Study of the PSW Signature Family: Patching DRS with Uniform Distribution †

Sipasseuth¹,

Plantard²,

Susilo³

2020

Information

Self Cite

View full text Add to dashboard Cite

At PKC 2008, Plantard et al. published a theoretical framework for a lattice-based signature scheme, namely Plantard–Susilo–Win (PSW). Recently, after ten years, a new signature scheme dubbed the Diagonal Reduction Signature (DRS) scheme was presented in the National Institute of Standards and Technology (NIST) PQC Standardization as a concrete instantiation of the initial work. Unfortunately, the initial submission was challenged by Yu and Ducas using the structure that is present on the secret key noise. In this paper, we are proposing a new method to generate random noise in the DRS scheme to eliminate the aforementioned attack, and all subsequent potential variants. This involves sampling vectors from the n-dimensional ball with uniform distribution. We also give insight on some underlying properties which affects both security and efficiency on the PSW type schemes and beyond, and hopefully increase the understanding on this family of lattices.

show abstract

Improving the Security of the DRS Scheme with Uniformly Chosen Random Noise

Cited by 5 publications

References 24 publications

Using Freivalds’ Algorithm to Accelerate Lattice-Based Signature Verifications

Using Freivalds’ Algorithm to Accelerate Lattice-Based Signature Verifications

Fast verification and public key storage optimization for unstructured lattice-based signatures

A Noise Study of the PSW Signature Family: Patching DRS with Uniform Distribution †

Contact Info

Product

Resources

About