Description
Lyubashevsky’s signatures are based on the Fiat-Shamir with aborts paradigm, whose central ingredient is the use of rejection sampling to transform (secret-key-dependent) signature samples into samples from a secret-key-independent distribution. The choice of these two underly- ing distributions is part of the rejection sampling strategy, and various instantiations have been considered up to this day. In this work, we inves- tigate which strategy leads to the most compact signatures, given signing runtime requirements. Our main contributions are as follows:<br/> (i) We prove lower bounds for compactness of signatures given signing runtime requirements, and (ii) show that these lower bounds are reached considering a new and elementary choice of distributions, namely con- tinuous uniform distributions over hyperballs. (iii) We also prove that, for any fixed pair of distributions, classic rejection sampling is the best strategy for minimizing the number of aborts, as well as (iv) propose a novel strategy that allows to fix (any) bound on the number of aborts while still guaranteeing correctness and security.<br/> lien: https://univ-rennes1-fr.zoom.us/j/97066341266?pwd=RUthOFV5cm1uT0ZCQVh6QUcrb1drQT09
Next sessions
-
Schéma de signature à clé publique : Frobénius-UOV
Speaker : Gilles Macario-Rat - Orange
L'exposé présente un schéma de signature à clé publique post-quantique inspiré du schéma UOV et introduisant un nouvel outil : les formes de Frobénius. L'accent est mis sur le rôle et les propriétés des formes de Frobénius dans ce nouveau schéma : la simplicité de description, la facilité de mise en oeuvre et le gain inédit sur les tailles de signature et de clé qui bat RSA-2048 au niveau de[…] -
Yoyo tricks with a BEANIE
Speaker : Xavier Bonnetain - Inria
TBD-
Cryptography
-
Symmetrical primitive
-