Boru Gong,Leixiao Cheng,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-030-55304-3_4

2020-01-01

Abstract:The lattice-based signature scheme Dilithium is one of the most promising signature candidates for the post-quantum era, for its simplicity, efficiency, small public key size, and resistance against side channel attacks. Whether better trade-offs on the already remarkable performance of Dilithium can be made is left in Dilithium as an interesting open question.

Cankun Zhao,Neng Zhang,Hanning Wang,Bohan Yang,Wenping Zhu,Zhengdong Li,Min Zhu,Shouyi Yin,Shaojun Wei,Leibo Liu

DOI: https://doi.org/10.46586/tches.v2022.i1.270-295

2021-01-01

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:The lattice-based CRYSTALS-Dilithium scheme is one of the three thirdround digital signature finalists in the National Institute of Standards and Technology Post-Quantum Cryptography Standardization Process. Due to the complex calculations and highly individualized functions in Dilithium, its hardware implementations face the problems of large area requirements and low efficiency. This paper proposes several optimization methods to achieve a compact and high-performance hardware architecture for round 3 Dilithium. Specifically, a segmented pipelined processing method is proposed to reduce both the storage requirements and the processing time. Moreover, several optimized modules are designed to improve the efficiency of the proposed architecture, including a pipelined number theoretic transform module, a SampleInBall module, a Decompose module, and three modular reduction modules. Compared with state-of-the-art designs for Dilithium on similar platforms, our implementation requires 1.4×/1.4×/3.0×/4.5× fewer LUTs/FFs/BRAMs/DSPs, respectively, and 4.4×/1.7×/1.4× less time for key generation, signature generation, and signature verification, respectively, for NIST security level 5.

Kelsey A. Jackson,Carl A. Miller,Daochen Wang

2024-03-07

Abstract:In the wake of recent progress on quantum computing hardware, the National Institute of Standards and Technology (NIST) is standardizing cryptographic protocols that are resistant to attacks by quantum adversaries. The primary digital signature scheme that NIST has chosen is CRYSTALS-Dilithium. The hardness of this scheme is based on the hardness of three computational problems: Module Learning with Errors (MLWE), Module Short Integer Solution (MSIS), and SelfTargetMSIS. MLWE and MSIS have been well-studied and are widely believed to be secure. However, SelfTargetMSIS is novel and, though classically as hard as MSIS, its quantum hardness is unclear. In this paper, we provide the first proof of the hardness of SelfTargetMSIS via a reduction from MLWE in the Quantum Random Oracle Model (QROM). Our proof uses recently developed techniques in quantum reprogramming and rewinding. A central part of our approach is a proof that a certain hash function, derived from the MSIS problem, is collapsing. From this approach, we deduce a new security proof for Dilithium under appropriate parameter settings. Compared to the previous work by Kiltz, Lyubashevsky, and Schaffner (EUROCRYPT 2018) that gave the only other rigorous security proof for a variant of Dilithium, our proof has the advantage of being applicable under the condition q = 1 mod 2n, where q denotes the modulus and n the dimension of the underlying algebraic ring. This condition is part of the original Dilithium proposal and is crucial for the efficient implementation of the scheme. We provide new secure parameter sets for Dilithium under the condition q = 1 mod 2n, finding that our public key size and signature size are about 2.9 times and 1.3 times larger, respectively, than those proposed by Kiltz et al. at the same security level.

Cryptography and Security,Quantum Physics

Jieyu Zheng,Feng He,Shiyu Shen,Chenxi Xue,Yunlei Zhao

DOI: https://doi.org/10.1145/3564625.3564629

2022-01-01

Abstract:The lattice-based signature scheme CRYSTALS-Dilithium is one of the two signature finalists in the third round NIST post-quantum cryptography (PQC) standardization project. For applications of low-power Internet-of-Things (IoT) devices, recent research efforts have been focusing on the performance optimization of PQC algorithms on embedded systems. In particular, performance optimization is more demanding for PQC signature algorithms that are usually significantly more time-consuming than PQC public-key encryption counterparts. For most cryptographic algorithms based on algebraic lattices including Dilithium, the fundamental and most time-consuming operation is polynomial multiplication over rings. For this computational task, number theoretic transform (NTT) is the most efficient multiplication method for NTT-friendly rings, and is now the typical technique for performing fast polynomial multiplications when implementing lattice-based PQC algorithms. The key observation of this work is that, besides multiplications of polynomials of standard forms, Dilithium involves a list of multiplications for polynomials of very small coefficients. Can we have more efficient methods for multiplying such polynomials of small coefficients? Under this motivation, we present in this work a parallel small polynomial multiplication algorithm to speed up the implementations of Dilithium. We complete both C reference implementation and ARM Neon implementation. Moreover, we conducted some speed tests in combination with Becker's Neon NTT [4]. The results show that, in comparison with the C reference implementation of Dilithium submitted to the third round of the NIST PQC competition, our reference implementation with the proposed parallel small polynomial multiplication is faster: specifically, our Sign and Verify speed up 18% and 19% respectively for Dilithium-2 (30% and 7% for Dilithium-3, 27% and 3% for Dilithium5, respectively). As for the Arm Neon implementation, we achieved a performance improvement of about 64% in Sign and 50% in Verify for Dilithium-2 (60% and 32% for Dilithium-3) compared with the C reference implementation of Dilithium submitted to the third round of the NIST PQC competition. We aslo compared our work with the state-of-the-art Arm Neon implementation of Dilithium [4], the results show our speed of Sign is 13.4% faster for Dilithium-2 and 8.0% faster for Dilithium-3, achieving a new record of fast Dilithium implementation.

Quang Dang Truong,Phap Ngoc Duong,Hanho Lee

DOI: https://doi.org/10.1109/access.2024.3370470

IF: 3.9

2024-03-06

IEEE Access

Abstract:The rapid advancement of powerful quantum computers poses a significant security risk to current public-key cryptosystems, which heavily rely on the computational complexity of problems such as discrete logarithms and integer factorization. As a result, CRYSTALS-Dilithium, a lattice-based digital signature scheme with the potential to be an alternative algorithm that can withstand both quantum and classical attacks, has been standardized as ML-DSA after NIST Post-Quantum Cryptography competition. While prior studies have proposed hardware designs to accelerate this cryptosystem, there is room for further optimization in the tradeoff between performance and hardware consumption. This paper addresses these limitations by presenting an efficient low-latency hardware architecture for ML-DSA, leveraging optimized timing schedules for its three main algorithms. The hardware implementation enables runtime switching main operations in ML-DSA with various security levels. We design flexible arithmetic and hash modules tailored for ML-DSA, the most time-consuming submodules and key determinants of the scheme implementation. Combined with efficient operation scheduling to maximize the utilized time of submodules, our design achieves the best latency among FPGA-based implementations, outperforming state-of-the-art works by 1.27 in terms of the area-time tradeoff metric. Therefore, the proposed hardware architecture demonstrates its practical applicability for digital signature cryptosystems in post-quantum era.

computer science, information systems,telecommunications,engineering, electrical & electronic

Bao-Hong Li,Hongping Zhao,Jiacheng Li

DOI: https://doi.org/10.1145/3424978.3425018

2020-01-01

Abstract:We present a lattice-based concurrent signature construction as a post-quantum solution to fair exchange of digital signatures. Our construction has the following two desirable features: (1) it is adaptively secure in the standard model, that is, its security does not rely on the random oracle assumption, and (2) it achieves anonymity, a stronger security notion than ambiguity. That is, before the release of the keystone, from a third party's point of view, a signature in our construction could be generated by anyone, not just limited to two parties involved in the exchange. We obtain these results by applying a novel idea to the lattice-based signatures due to Boyen.

Shiyu Shen,Hao Yang,Wangchen Dai,Hong Zhang,Zhe Liu,Yunlei Zhao

DOI: https://doi.org/10.1109/tpds.2024.3453289

2024-01-01

Abstract:Digital signatures are fundamental building blocks in various protocols to provide integrity and authenticity. The development of the quantum computing has raised concerns about the security guarantees afforded by classical signature schemes. CRYSTALS-Dilithium is an efficient post-quantum digital signature scheme based on lattice cryptography and has been selected as the primary algorithm for standardization by the National Institute of Standards and Technology. In this work, we present a high-throughput GPU implementation of Dilithium. For individual operations, we employ a range of computational and memory optimizations to overcome sequential constraints, reduce memory usage and IO latency, address bank conflicts, and mitigate pipeline stalls. This results in high and balanced compute throughput and memory throughput for each operation. In terms of concurrent task processing, we leverage task-level batching to fully utilize parallelism and implement a memory pool mechanism for rapid memory access. Considering the impact of varying repetition numbers in Dilithium on the overall execution time and hardware utilization, we propose a dynamic task scheduling mechanism to improve multiprocessor occupancy and significantly reduce execution time. Furthermore, we apply asynchronous computing and launch multiple streams to hide data transfer latencies and maximize the computing capabilities of both CPU and GPU. Across all three security levels, our GPU implementation can concurrently compute ten thousand tasks in less than 32 miliseconds for signing and 15 miliseconds for verification on both commercial and server-grade GPUs. This achieves microsecond-level amortized execution times for each task, offering a high-throughput and quantum-resistant solution suitable for a wide array of applications in real systems.

Fengxia Liu,Zhiyong Zheng,Zixian Gong,Kun Tian,Yi Zhang,Zhe Hu,Jia Li,Qun Xu

DOI: https://doi.org/10.1186/s42400-023-00198-1

2024-04-04

Abstract:Lattice-based digital signature has become one of the widely recognized post-quantum algorithms because of its simple algebraic operation, rich mathematical foundation and worst-case security, and also an important tool for constructing cryptography. This survey explores lattice-based digital signatures, a promising post-quantum resistant alternative to traditional schemes relying on factoring or discrete logarithm problems, which face increasing risks from quantum computing. The study covers conventional paradigms like Hash-and-Sign and Fiat-Shamir, as well as specialized applications including group, ring, blind, and proxy signatures. It analyzes the versatility and security strengths of lattice-based schemes, providing practical insights. Each chapter summarizes advancements in schemes, identifying emerging trends. We also pinpoint future directions to deploy lattice-based digital signatures including quantum cryptography.

Zhengzhong Jin,Shiyu Shen,Yunlei Zhao

DOI: https://doi.org/10.1109/TIT.2022.3148586

IF: 2.5

2022-01-01

IEEE Transactions on Information Theory

Abstract:A remarkable breakthrough in mathematics in recent years is the proof of the long-standing conjecture: sphere packing in the <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$E_{8}$ </tex-math></inline-formula> lattice is optimal in the sense of the best density for sphere packing in <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathbb {R}^{8}$ </tex-math></inline-formula> . In this work, we design a mechanism for asymmetric key consensus from noise (AKCN), referred to as AKCN-E8, for error correction and key consensus. As a direct application, we present a practical key encapsulation mechanism (KEM) from the ideal lattice based on the ring learning with errors (RLWE) problem. Compared with NewHope-KEM that was the second round candidate of the National Institute of Standards and Technology (NIST) post-quantum cryptography (PQC) standardization, our AKCN-E8 KEM scheme overcomes some limitations and shortcomings of NewHope-KEM. Compared with some other dominating KEM schemes based on the variants of LWE, specifically Kyber and Saber, AKCN-E8 has a comparable performance but enjoys much flexible shared-key sizes. Specifically, the key encapsulated by AKCN-E8-512 (resp., 768, 1024) has the size of 256 (resp., 384, 512) bits. Flexible key size renders us stronger security against quantum attacks, more powerful and economic ability of key transportation, and better matches the demand in interactive protocols like TLS where parties need to negotiate the security parameters including the shared key length.

Olivier Bronchain,Hoffmann,Joost Renes,C. V. Vredendaal,Gaëtan Cassiers,Schönauer,M. Azouaoui,Markus,Tobias Schneider,François-Xavier Standaert,Yulia Kuzovkova,Clément

DOI: https://doi.org/10.46586/tches.v2023.i4.58-79

2023-08-31

Abstract:CRYSTALS-Dilithium has been selected by the NIST as the new standard for post-quantum digital signatures. In this work, we revisit the side-channel countermeasures of Dilithium in three directions. First, we improve its sensitivity analysis by classifying intermediate computations according to their physical security requirements. Second, we provide improved gadgets dedicated to Dilithium, taking advantage of recent advances in masking conversion algorithms. Third, we combine these contributions and report performance for side-channel protected Dilithium implementations. Our benchmarking results additionally put forward that the randomized version of Dilithium can lead to significantly more efficient implementations (than its deterministic version) when side-channel attacks are a concern.

Physics,Computer Science

Prasanna Ravi,Anupam Chattopadhyay,Jan Pieter D’Anvers,Anubhab Baksi

DOI: https://doi.org/10.1145/3603170

2023-06-05

ACM Transactions on Embedded Computing Systems

Abstract:In this work, we present a systematic study of Side-Channel Attacks (SCA) and Fault Injection Attacks (FIA) on structured lattice-based schemes, with main focus on Kyber Key Encapsulation Mechanism (KEM) and Dilithium signature scheme, which are leading candidates in the NIST standardization process for Post-Quantum Cryptography (PQC). Through our study, we attempt to understand the underlying similarities and differences between the existing attacks, while classify them into different categories. Given the wide-variety of reported attacks, simultaneous protection against all the attacks requires to implement customized protections/countermeasures for both Kyber and Dilithium. We therefore present a range of customized countermeasures, capable of providing defences/mitigations against existing SCA/FIA, and incorporate several SCA and FIA countermeasures within a single design of Kyber and Dilithium. Among the several countermeasures discussed in this work, we present novel countermeasures that offer simultaneous protection against several SCA and FIA based chosen-ciphertext attacks for Kyber KEM. We implement the presented countermeasures within two well-known public software libraries for PQC - (1) pqm4 library for the ARM Cortex-M4 based microcontroller and (2) liboqs library for the Raspberry Pi 3 Model B Plus based on the ARM Cortex-A53 processor. Our performance evaluation reveals that the presented custom countermeasures incur reasonable performance overheads, on both the evaluated embedded platforms. We therefore believe our work argues for usage of custom countermeasures within real-world implementations of lattice-based schemes, either in a standalone manner, or as reinforcements to generic countermeasures such as masking.

computer science, software engineering, hardware & architecture

Hong Zhao,Yan-yan Han,Shuhan Yu,Kaili Dou

DOI: https://doi.org/10.1117/12.2685750

2023-08-15

Abstract:The certificateless cryptography solves the certificate management and key escrow problems in the Internet of Things. However, these schemes are no longer safe in the quantum environment. Lattice cryptography has become the main method to solve quantum security. At present, only a few lattice-based certificateless signature schemes have been proposed and the use of the trapdoor function limits the efficiency of the lattice cryptography, and the security of these schemes can only reach existential unforgeability. We construct a lattice-based certificateless signature scheme based on Lyubashevsky's signature scheme. The security of our scheme can reach strong unforgeability and the computational efficiency of our scheme is lower than the previous schemes.

Computer Science,Engineering

Faguo Wu,Wang Yao,Xiao Zhang,Zhiming Zheng

DOI: https://doi.org/10.1007/s11042-018-6330-9

IF: 2.577

2018-01-01

Multimedia Tools and Applications

Abstract:Identity-based signature schemes enable any pair of users to communicate securely and to verify each other’s identity without exchanging private or public keys, without keeping key directories, and without using the services of a third party. Such paradigms are very suitable for an emerging scenario of Multimedia Social Networks (MSNs), in which there are a large number of users, dynamic interaction and huge content sharing. A revocable identity-based signature(RIBS) scheme, proposed by Tsai et al., provides a revocation mechanism for controlling user’s access dynamically. To capture a realistic and efficient scenario, In 2017, XiaoYing Jia et al. introduced an additional important component, called Cloud Revocation Server(CRS), where most of the computations needed during key-updates are of loaded to the CRS. With the surprising development of quantum computation technology in recent years, IBS schemes mentioned above, based on conventional number theory problem, would become vulnerable. Recently, lattice-based cryptography schemes were proved to be secure against quantum attacks. Although such efficient RIBS scheme based on Computational Diffle-Hellam Problem(CDH) assumption has been proposed, all the lattice-based RIBS do not achieve this realistic and efficient property. In this paper, we propose the first lattice-based RIBS with outsourced Cloud Service Provider(CSP). In our scheme, a user’s private key is composed of both an partial private key and a time update key. The time update key is periodically updated by CSP and is transmitted over a public channel. Based on the hardness assumption of Short Integer Solution (SIS), we demonstrate that the proposed lattice-based RIBS scheme with outsourced revocation in cloud computing provides existential unforgeability against adaptive chosen-message attacks in the random oracle. As compared to the existing IBS schemes over lattices, our RIBS scheme has better performance in terms of energy consumption, signature size, signing key size, and the revocation mechanism with public channels. As the underlying lattice problem is intractable even for quantum computers, our scheme would work well in the quantum age.

Zhengzhong Jin,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-030-21568-2_15

2019-01-01

Abstract:In this work, we abstract some key ingredients in previous key establishment and public-key encryption schemes from LWE and its variants. Specifically, we explicitly formalize the building tool, referred to as key consensus (KC) and its asymmetric variant AKC. KC and AKC allow two communicating parties to reach consensus from close values, which plays the fundamental role in lattice-based cryptography. We then prove the upper bounds on parameters for any KC and AKC, which reveal the inherent constraints on the parameters among security, bandwidth, error probability, and consensus range. As a conceptual contribution, this simplifies the design and analysis of these cryptosystems in the future. Guided by the proved upper bounds, we design and analyze both generic and highly practical KC and AKC schemes, which are referred to as OKCN and AKCN respectively for presentation simplicity. We present a generic protocol structure for key establishment from learning with rounding (LWR), which can be instantiated with either KC or AKC. We then provide an analysis breaking the correlation between the rounded deterministic noise and the secret, and design an algorithm to calculate the error probability numerically. When applied to LWEbased key establishment, OKCN and AKCN can result in more practical or well-balanced schemes, compared to existing LWE-based protocols in the literature.

Zhengzhong Jin,Yunlei Zhao

DOI: https://doi.org/10.48550/arxiv.1611.06150

2016-01-01

Abstract:In this work, we abstract some key ingredients in previous LWE- and RLWE-based key exchange protocols, by introducing and formalizing the building tool, referred to as key consensus (KC) and its asymmetric variant AKC. KC and AKC allow two communicating parties to reach consensus from close values obtained by some secure information exchange. We then discover upper bounds on parameters for any KC and AKC. KC and AKC are fundamental to lattice based cryptography, in the sense that a list of cryptographic primitives based on LWR, LWE and RLWE (including key exchange, public-key encryption, and more) can be modularly constructed from them. As a conceptual contribution, this much simplifies the design and analysis of these cryptosystems in the future. We then design and analyze both general and highly practical KC and AKC schemes, which are referred to as OKCN and AKCN respectively for presentation simplicity. Based on KC and AKC, we present generic constructions of key exchange (KE) from LWR, LWE and RLWE. The generic construction allows versatile instantiations with our OKCN and AKCN schemes, for which we elaborate on evaluating and choosing the concrete parameters in order to achieve an optimally-balanced performance among security, computational cost, bandwidth efficiency, error rate, and operation simplicity.

Sheng-wei Xu,Shu-han Yu,Zi-Yan Yue,Yi-Long Liu

DOI: https://doi.org/10.1016/j.comnet.2024.110858

IF: 5.493

2024-10-19

Computer Networks

Abstract:The rapid development of Vehicular Ad-hoc Network (VANETs) has improved road safety and traffic management, and brought great convenience to intelligent transportation system (ITS). However, the transmission of data over open channels caused many security issues. Certificateless cryptography solves the certificate management and key escrow problems, which makes it the primary method for message authentication in VANETs. However, with the emergence of quantum computing, traditional cryptography faces a significant challenge. Lattice-based cryptography are regarded as effective post-quantum ciphers. Nevertheless, nearly all existing lattice-based certificateless signature schemes rely on Gaussian sampling or trapdoor techniques, resulting in computational inefficiencies and large key and signature sizes that are impractical for VANETs. To address these issues, we proposed the first efficient algebraic lattice-based certificateless signature scheme in VANETs based on the Dilithium signature algorithm. The security of our certificateless lattice-based signature(CLLS) scheme is based on the MSIS and MLWE hardness assumption, which makes the scheme resistant to quantum attacks and easy to implement. Our scheme did not use Gaussian sampling or trapdoor techniques, which improve the computational and storage efficiency. As a result, the public key of our scheme is 1X smaller than the previous scheme and the size of signature is 2X smaller than the previous efficient algebraic lattice scheme. In addition, compared to the most efficient existing CLLS scheme, the signing and verification computation cost of our scheme are reduced by 20% and 55% respectively and our proposed CLLS scheme has low power consumption. Furthermore, the security of our scheme achieves strong unforgeability against chosen-message attacks(SUF-CMA) in the random oracle model(ROM), which surpasses that of existing lattice-based certificateless signature schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Luke Beckwith,Duc Tri Nguyen,Kris Gaj

DOI: https://doi.org/10.1109/icfpt52863.2021.9609917

2021-12-06

Abstract:Many currently deployed public-key cryptosystems are based on the difficulty of the discrete logarithm and integer factorization problems. However, given an adequately sized quantum computer, these problems can be solved in polynomial time as a function of the key size. Due to the future threat of quantum computing to current cryptographic standards, alternative algorithms that remain secure under quantum computing are being evaluated for future use. One such algorithm is CRYSTALS-Dilithium, a lattice-based digital signature scheme, which is a finalist in the NIST Post Quantum Cryptography (PQC) competition. As a part of this evaluation, high-performance implementations of these algorithms must be investigated. This work presents a high-performance implementation of CRYSTALS-Dilithium targeting FPGAs. In particular, we present a design that achieves the best latency for an FPGA implementation to date. We also compare our results with the most-relevant previous work on hardware implementations of NIST Round 3 post-quantum digital signature candidates.

Alexandre Berzati,Andersson Calle Viera,Maya Chartouny,Steven Madec,Damien Vergnaud,David Vigilant

DOI: https://doi.org/10.46586/tches.v2023.i4.188-210

2023-08-31

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:This paper presents a new profiling side-channel attack on CRYSTALSDilithium, the new NIST primary standard for quantum-safe digital signatures. An open source implementation of CRYSTALS-Dilithium is already available, with constant-time property as a consideration for side-channel resilience. However, this implementation does not protect against attacks that exploit intermediate data leakage. We show how to exploit a new leakage on a vector generated during the signing process, for which the costly protection by masking is still a matter of debate. With a corpus of 700 000 messages, we design a template attack that enables us to efficiently predict whether a given coefficient in one coordinate of this vector is zero or not. By gathering signatures and being able to make the correct predictions for each index, and then using linear algebra methods, this paper demonstrates that one can recover part of the secret key that is sufficient to produce universal forgeries. While our paper deeply discusses the theoretical attack path, it also demonstrates the validity of the assumption regarding the required leakage model from practical experiments with the reference implementation on an ARM Cortex-M4. We need approximately a day to collect enough representatives and one more day to perform the traces acquisition on our target.

Min Wang,Gui-Lu Long

DOI: https://doi.org/10.1007/s11432-024-4177-5

2024-11-10

Science China Information Sciences

Abstract:Access authentication scheme plays a foundational role in ensuring the security of communication networks. However, an access authentication scheme with high security and efficiency is still lacking in quantum communication networks. In this paper, we propose a lattice-based access authentication scheme for quantum communication networks in the manner of real-time interaction with the network control center, which could achieve properties of mutual authentication, conditional anonymity, data confidentiality, unforgeability, undeniability, and data integrity. We utilize the digital signature algorithm CRYSTALS-Dilithium and the key-establishment algorithm CRYSTALS-KYBER, both of which have been selected for standardization by the National Institute of Standards and Technology, to realize secure access authentication for users of the quantum communication networks. Specifically, in the quantum secure direct communication network, key-establishment is replaced by the verification of signatures encoded in quantum states. Our results demonstrate the feasibility of establishing a quantum-secure communication network.

computer science, information systems,engineering, electrical & electronic

Jianhua Yan,Licheng Wang,Lihua Wang,Yixian Yang,Wenbin Yao

DOI: https://doi.org/10.1155/2013/702539

IF: 1.43

2013-01-01

Mathematical Problems in Engineering

Abstract:Signcryption is a cryptographic primitive that can perform digital signature and public encryption simultaneously at a significantly reduced cost. This advantage makes it highly useful in many applications. However, most existing signcryption schemes are seriously challenged by the booming of quantum computations. As an interesting stepping stone in the post-quantum cryptographic community, two lattice-based signcryption schemes were proposed recently. But both of them were merely proved to be secure in the random oracle models. Therefore, the main contribution of this paper is to propose a new lattice-based signcryption scheme that can be proved to be secure in the standard model.