Computing, Volume 85, Issue 1–2, pp 105–125

Post-quantum cryptography: lattice signatures

  • Johannes Buchmann
  • Richard Lindner
  • Markus Rückert
  • Michael Schneider

Abstract

This survey provides a comparative overview of lattice-based signature schemes with respect to security and performance. Furthermore, we explicitly show how to construct a competitive and provably secure Merkle tree signature scheme solely based on worst-case lattice problems.
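As an added illustration (not code from the paper), the generic Merkle tree signature construction the abstract refers to, in Python: one-time key pairs at the leaves, an authentication path as part of the signature, and verification against the root. SHA-256 and Lamport one-time signatures stand in for the lattice-based hash and one-time scheme the paper builds on; both substitutions are assumptions made here.

```python
import hashlib
import os
# Assumption: SHA-256 stands in for the paper's lattice-based hash function.
def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def msg_bits(msg):
    d = H(msg)  # 256-bit message digest selects one secret per bit position
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def ots_keygen():  # Lamport one-time key pair (stand-in for the lattice OTS)
    sk = [[os.urandom(32), os.urandom(32)] for _ in range(256)]
    pk = [[H(x0), H(x1)] for x0, x1 in sk]
    return sk, pk

def ots_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]

def ots_verify(pk, msg, sig):
    return all(H(sig[i]) == pk[i][b] for i, b in enumerate(msg_bits(msg)))

def leaf_hash(pk):  # a leaf commits to one whole one-time public key
    return H(*[y for pair in pk for y in pair])

def build_tree(height):
    keys = [ots_keygen() for _ in range(2 ** height)]
    levels = [[leaf_hash(pk) for _, pk in keys]]
    while len(levels[-1]) > 1:  # hash sibling pairs up to the root
        prev = levels[-1]
        levels.append([H(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])
    return keys, levels  # levels[-1][0] is the root, i.e. the MSS public key

def mss_sign(keys, levels, index, msg):
    sk, pk = keys[index]  # each leaf index must be used at most once
    auth, i = [], index
    for level in levels[:-1]:  # sibling of the path node at every level
        auth.append(level[i ^ 1])
        i >>= 1
    return index, ots_sign(sk, msg), pk, auth

def mss_verify(root, msg, signature):
    index, ots_sig, pk, auth = signature
    if not ots_verify(pk, msg, ots_sig):
        return False
    node = leaf_hash(pk)
    for sibling in auth:  # recompute the path in the correct left/right order
        node = H(sibling, node) if index & 1 else H(node, sibling)
        index >>= 1
    return node == root
```

The signer must track which leaf indices have been used, since reusing a one-time key pair breaks the security of the scheme.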

Keywords

Digital signatures; Post-quantum cryptography; Lattices

Mathematics Subject Classification (2000)

94A60 



Copyright information

© Springer-Verlag 2009

Authors and Affiliations

  • Johannes Buchmann (1)
  • Richard Lindner (1)
  • Markus Rückert (1)
  • Michael Schneider (1)

  1. Department of Computer Science, Technische Universität Darmstadt, Darmstadt, Germany