SETLA: Signature and Encryption from Lattices

  • François Gérard
  • Keno Merckx
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11124)


In data security, the main objectives one tries to achieve are confidentiality, data integrity and authentication. In a public-key setting, confidentiality is reached through asymmetric encryption and both data integrity and authentication through signature. Meeting all the security objectives for data exchange requires using a concatenation of those primitives in an encrypt-then-sign or sign-then-encrypt fashion. Signcryption aims at providing all the security requirements in one single primitive at a lower cost than using encryption and signature together. Most existing signcryption schemes use ElGamal-based or pairing-based techniques and thus rely on the decisional Diffie-Hellman assumption. With the current growth of a quantum threat, we seek post-quantum counterparts to a vast majority of public-key primitives. In this work, we propose a lattice-based signcryption scheme in the random oracle model inspired by a construction of Malone-Lee. It comes in two flavors, one integrating the usual lattice-based key exchange into the signature and the other merging the scheme with an RLWE encryption. Our instantiation is based on a ring version of the scheme of Bai and Galbraith, as was done in ring-TESLA and TESLA\(\sharp\). It targets 128 bits of classical security and offers a saving in bandwidth over a naive concatenation of state-of-the-art key exchanges and signatures from the literature. Another lightweight instantiation derived from GLP is feasible but raises long-term security concerns since the base scheme is somewhat outdated.

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. Université libre de Bruxelles, Brussels, Belgium