Practical Lattice-Based Cryptography: A Signature Scheme for Embedded Systems

Güneysu, Tim; Lyubashevsky, Vadim; Pöppelmann, Thomas

doi:10.1007/978-3-642-33027-8_31

Cited by 191 publications

(185 citation statements)

References 36 publications

Supporting

Mentioning

168

Contrasting

Order By: Relevance

“…In this section we briefly recall the notation from [14]. We use a similar notation and denote by R p n the polynomial ring Z[x] p x n + 1 with integer coefficients in the range [− p−1 2 , p−1 2 ] where n is a power of two.…”

Section: Notationmentioning

confidence: 99%

“…According to the description in [14] we have chosen a to be a randomly generated global constant. For the key generation described in Algorithm 1 we therefore basically perform sampling of random values from the domains R p n 1 followed by a polynomial multiplication with the global constant and an addition.…”

Section: Definitionmentioning

confidence: 99%

“…Parameters that offer a reasonable security margin of approximately 100 bits of comparable classical symmetric security are n = 512, p = 8383489, and k = 2 14 This parameter set is the primary target of this work. For some intuition on how these parameters were selected, how the security level has been computed, for a second parameter set and a security proof in the random-oracle model we refer again to [14].…”

Section: Parameters and Securitymentioning

confidence: 99%

“…The speed advantage of ideal lattices over standard lattice constructions usually stems from the applicability of the Number Theoretic Transform (NTT), which allows operations in quasi-linear runtime of O(n log n) instead of quadratic complexity. In particular, two implementations of promising lattice-based constructions for encryption [12] and digital signatures [14] were recently presented and demonstrate that such constructions can be efficient in reconfigurable hardware. However, as the proof-of-concept implementation in [12] is based on the generic NTL library [22], it remains still somewhat unclear how these promising schemes perform on high-performance processors that include modern SIMD multimedia extensions such as SSE and AVX.…”

Section: Introductionmentioning

confidence: 99%

“…The main contribution of this work is the first optimized software implementation of the lattice-based signature scheme proposed in [14]. It is an aggressively optimized variant of the scheme originally proposed by Lyubashevsky [17] without Gaussian sampling.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Software Speed Records for Lattice-Based Signatures

Güneysu

Oder

Pöppelmann

et al. 2013

Post-Quantum Cryptography

Self Cite

View full text Add to dashboard Cite

Abstract. Novel public-key cryptosystems beyond RSA and ECC are urgently required to ensure long-term security in the era of quantum computing. The most critical issue on the construction of such cryptosystems is to achieve security and practicability at the same time. Recently, lattice-based constructions were proposed that combine both properties, such as the lattice-based digital signature scheme presented at CHES 2012. In this work, we present a first highly-optimized SIMD-based software implementation of that signature scheme targeting Intel's Sandy Bridge and Ivy Bridge microarchitectures. This software computes a signature in only 634988 cycles on average on an Intel Core i5-3210M (Ivy Bridge) processor. Signature verification takes only 45036 cycles. This performance is achieved with full protection against timing attacks.

show abstract

Section: Notationmentioning

confidence: 99%

Section: Definitionmentioning

confidence: 99%

Section: Parameters and Securitymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Software Speed Records for Lattice-Based Signatures

Güneysu

Oder

Pöppelmann

et al. 2013

Post-Quantum Cryptography

Self Cite

View full text Add to dashboard Cite

show abstract

A provably secure code‐based short signature scheme and its nontransferable variant

Asaar

Salmasizadeh

Aref

2018

Int J Communication

View full text Add to dashboard Cite

SummarySignatures with partially message recovery in which some parts of messages are not transmitted with signatures to make them shorter are helpful where bandwidth is one of the critical concern. This primitive is especially used for signing short messages in applications such as time stamping, certified email services, and identity‐based cryptosystems. In this paper, to have quantum‐attack‐resistant short signatures, the first signature scheme with partially message recovery based on coding theory is presented. Next, it is shown that the proposal is secure under Goppa Parametrized Bounded Decoding and the Goppa Code Distinguishing assumptions in the random oracle model. Relying on the partially message recovery property, the proposal is shorter than Dallot signature scheme, the only provably secure and practical code‐based signature scheme, while it preserves Dallot signature efficiency. We should highlight that our scheme can be used as a building block to construct short code‐based signature schemes with special properties. To show this, we present a provably secure short designated verifier signature scheme, a nontransferable form of short signatures, which is used in electronic voting and deniable authentication protocols.

show abstract

Design of lattice‐based ElGamal encryption and signature schemes using SIS problem

Gupta

2017

Trans Emerging Tel Tech

View full text Add to dashboard Cite

The emerging technologies like quantum computing and cloud computing have a complex computing power and can break the security of the classical cryptographic constructions (like ElGamal's cryptosystem). Thus, we were motivated to work on hard lattice problems, which are more complex and can resist these new modern technologies. In this proposal, we present a lattice‐based version of discrete logarithm problem‐based ElGamal public‐key encryption and signature schemes that exhibit strong security features and efficient implementation. The security of these presented schemes is based on the worst‐case hardness of approximating a small integer vector in their corresponding lattice. Furthermore, this proposed work illustrates a security proof of the proposed schemes and shows that the presented schemes are well protected in the modern computing environment. The performance analysis and comparison with classical ElGamal schemes and recent lattice‐based schemes are also made, and it is seen that the proposed schemes achieve better performance.

show abstract

Practical Lattice-Based Cryptography: A Signature Scheme for Embedded Systems

Cited by 191 publications

References 36 publications

Software Speed Records for Lattice-Based Signatures

Software Speed Records for Lattice-Based Signatures

A provably secure code‐based short signature scheme and its nontransferable variant

Design of lattice‐based ElGamal encryption and signature schemes using SIS problem

Contact Info

Product

Resources

About