Description
Lyubashevsky’s signatures are based on the Fiat-Shamir with aborts paradigm, whose central ingredient is the use of rejection sampling to transform (secret-key-dependent) signature samples into samples from a secret-key-independent distribution. The choice of these two underly- ing distributions is part of the rejection sampling strategy, and various instantiations have been considered up to this day. In this work, we inves- tigate which strategy leads to the most compact signatures, given signing runtime requirements. Our main contributions are as follows:<br/> (i) We prove lower bounds for compactness of signatures given signing runtime requirements, and (ii) show that these lower bounds are reached considering a new and elementary choice of distributions, namely con- tinuous uniform distributions over hyperballs. (iii) We also prove that, for any fixed pair of distributions, classic rejection sampling is the best strategy for minimizing the number of aborts, as well as (iv) propose a novel strategy that allows to fix (any) bound on the number of aborts while still guaranteeing correctness and security.<br/> lien: https://univ-rennes1-fr.zoom.us/j/97066341266?pwd=RUthOFV5cm1uT0ZCQVh6QUcrb1drQT09
Next sessions
-
CryptoVerif: a computationally-sound security protocol verifier
Speaker : Bruno Blanchet - Inria
CryptoVerif is a security protocol verifier sound in the computational model of cryptography. It produces proofs by sequences of games, like those done manually by cryptographers. It has an automatic proof strategy and can also be guided by the user. It provides a generic method for specifying security assumptions on many cryptographic primitives, and can prove secrecy, authentication, and[…]-
Cryptography
-