On the Hardness of Module-LWE with Binary Secret

Boudgoust, Katharina; Jeudy, Corentin; Roux-Langlois, Adeline; Wen, Weiqiang

doi:10.1007/978-3-030-75539-3_21

Cited by 12 publications

(2 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Concrete aggregated signature size of 36 bytes at 128-bit security level is reported in [59]. However, it was recently pointed out [31] that the compressing linear map used in MMSAT and MMSATK implies that the security of these aggregate signatures relies on the hardness of a problem we call T-Vandermonde-SIS, a variant of Vandermonde-SIS but with signiicantly reduced security against lattice attacks with the parameter choices in [59]. Consequently, only the 'response' part of the signature can be securely aggregated, not the 'commitment' part.…”

Section: Account Management: Multi-and Aggregate Signaturementioning

confidence: 99%

See 1 more Smart Citation

A Survey on Exotic Signatures for Post-quantum Blockchain: Challenges and Research Directions

et al. 2023

View full text Add to dashboard Cite

Blockchain technology provides efficient and secure solutions to various online activities by utilizing a wide range of cryptographic tools. In this paper, we survey the existing literature on post-quantum secure digital signatures that possess exotic advanced features and which are crucial cryptographic tools used in the blockchain ecosystem for (i) account management, (ii) consensus efficiency, (iii) empowering scriptless blockchain, and (iv) privacy. The exotic signatures that we particularly focus on in this work are the following: multi-/aggregate, threshold, adaptor, blind and ring signatures. Herein the term exotic refers to signatures with properties which are not just beyond the norm for signatures e.g. unforgeability, but also imbue new forms of functionalities. Our treatment of such exotic signatures includes discussions on existing challenges and future research directions in the post-quantum space. We hope that this article will help to foster further research to make post-quantum cryptography more accessible so that blockchain systems can be made ready in advance of the approaching quantum threats.

show abstract

Section: Account Management: Multi-and Aggregate Signaturementioning

confidence: 99%

“…Consequently, only the 'response' part of the signature can be securely aggregated, not the 'commitment' part. Due to a similar issue, the aggregatable signature from M-LWE and M-SIS problems constructed in [31] also does not produce substantially shorter signatures than concatenated regular signatures.…”

Section: Account Management: Multi-and Aggregate Signaturementioning

confidence: 99%

A Survey on Exotic Signatures for Post-quantum Blockchain: Challenges and Research Directions

et al. 2023

View full text Add to dashboard Cite

show abstract

On the Hardness of Module-LWE with Binary Secret

Boudgoust

Jeudy

Roux-Langlois

et al. 2021

Topics in Cryptology – CT-RSA 2021

View full text Add to dashboard Cite

We prove that the Module Learning With Errors (M-LWE) problem with binary secrets and rank d is at least as hard as the standard version of M-LWE with uniform secret and rank k, where the rank increases from k to d ≥ (k + 1) log 2 q + ω(log 2 n), and the Gaussian noisewhere n is the ring degree and q the modulus. Our work improves on the recent work by Boudgoust et al. in 2020 by a factor of √ md in the Gaussian noise, where m is the number of given M-LWE samples, when q fulfills some number-theoretic requirements. We use a different approach than Boudgoust et al. to achieve this hardness result by adapting the previous work from Brakerski et al. in 2013 for the Learning With Errors problem to the module setting. The proof applies to cyclotomic fields, but most results hold for a larger class of number fields, and may be of independent interest.

show abstract

Entropic Hardness of Module-LWE from Module-NTRU

Boudgoust

Jeudy²,

Roux-Langlois³

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The Module Learning With Errors problem (M-LWE) has gained popularity in recent years for its security-efficiency balance, and its hardness has been established for a number of variants. In this paper, we focus on proving the hardness of (search) M-LWE for general secret distributions, provided they carry sufficient min-entropy. This is called entropic hardness of M-LWE. First, we adapt the line of proof of Brakerski and Döttling on R-LWE (TCC'20) to prove that the existence of certain distributions implies the entropic hardness of M-LWE. Then, we provide one such distribution whose required properties rely on the hardness of the decisional Module-NTRU problem.

show abstract

On the Hardness of Module-LWE with Binary Secret

Cited by 12 publications

References 29 publications

A Survey on Exotic Signatures for Post-quantum Blockchain: Challenges and Research Directions

A Survey on Exotic Signatures for Post-quantum Blockchain: Challenges and Research Directions

On the Hardness of Module-LWE with Binary Secret

Entropic Hardness of Module-LWE from Module-NTRU

Contact Info

Product

Resources

About