Skip to main content
SpringerLink
Log in

Hawk: Module LIP Makes Lattice Signatures Fast, Compact and Simple

  • Conference paper
  • First Online:
Advances in Cryptology – ASIACRYPT 2022 (ASIACRYPT 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13794))

Abstract

We propose the signature scheme Hawk, a concrete instantiation of proposals to use the Lattice Isomorphism Problem (LIP) as a foundation for cryptography that focuses on simplicity. This simplicity stems from LIP, which allows the use of lattices such as \(\mathbb Z^n\), leading to signature algorithms with no floats, no rejection sampling, and compact precomputed distributions. Such design features are desirable for constrained devices, and when computing signatures inside FHE or MPC. The most significant change from recent LIP proposals is the use of module lattices, reusing algorithms and ideas from NTRUSign and Falcon. Its simplicity makes Hawk competitive. We provide cryptanalysis with experimental evidence for the design of Hawk and implement two parameter sets, Hawk-512 and Hawk-1024. Signing using Hawk-512 and Hawk-1024 is four times faster than Falcon on x86 architectures, produces signatures that are about 15% more compact, and is slightly more secure against forgeries by lattice reduction attacks. When floating-points are unavailable, Hawk signs 15 times faster than Falcon.

We provide a worst case to average case reduction for module LIP. For certain parametrisations of Hawk this applies to secret key recovery and we reduce signature forgery in the random oracle model to a new problem called the one more short vector problem.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://github.com/ludopulles/hawk-aux.

  2. 2.

    See https://github.com/ludopulles/hawk-aux/blob/main/code/hawk.sage.

  3. 3.

    See https://github.com/ludopulles/hawk-aux/blob/main/code/generate_C_tables.sage.

  4. 4.

    See fail_and_forge_probability at https://github.com/ludopulles/hawk-aux/blob/main/code/find_params.sage.

  5. 5.

    See https://github.com/ludopulles/hawk-aux/blob/main/code/find_params.sage.

  6. 6.

    See fail_and_forge_probabilities at https://github.com/ludopulles/hawk-aux/blob/main/code/find_params.sage.

References

  1. Agrawal, S., Kirshanova, E., Stehle, D., Yadav, A.: Practical, round-optimal lattice-based blind signatures. Cryptology ePrint Archive, Paper 2021/1565 (2021). https://eprint.iacr.org/2021/1565

  2. Agrawal, S., Stehle, D., Yadav, A.: Round-optimal lattice-based threshold signatures, revisited. Cryptology ePrint Archive, Paper 2022/634 (2022). https://eprint.iacr.org/2022/634

  3. Albrecht, M.R., Ducas, L.: Lattice Attacks on NTRU and LWE: A History of Refinements, pp. 15–40. London Mathematical Society Lecture Note Series, Cambridge University Press (2021). https://doi.org/10.1017/9781108854207.004

  4. Babai, L.: On Lovász’ lattice reduction and the nearest lattice point problem. Combinatorica 6(1), 1–13 (1986)

    Article  MATH  Google Scholar 

  5. Bai, S., Stehlé, D., Wen, W.: Measuring, simulating and exploiting the head concavity phenomenon in BKZ. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11272, pp. 369–404. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03326-2_13

    Chapter  Google Scholar 

  6. Banaszczyk, W.: New bounds in some transference theorems in the geometry of numbers. Math. Ann. 296(1), 625–635 (1993)

    Article  MATH  Google Scholar 

  7. Bennett, H., Ganju, A., Peetathawatchai, P., Stephens-Davidowitz, N.: Just how hard are rotations of \(\mathbb{{Z}}^n\)? algorithms and cryptography with the simplest lattice. Cryptology ePrint Archive, Report 2021/1548 (2021). https://eprint.iacr.org/2021/1548

  8. Brakerski, Z., Langlois, A., Peikert, C., Regev, O., Stehlé, D.: Classical hardness of learning with errors. In: Boneh, D., Roughgarden, T., Feigenbaum, J., (eds.) 45th ACM STOC, pp. 575–584. ACM Press (2013). https://doi.org/10.1145/2488608.2488680

  9. Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1–20. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_1

    Chapter  Google Scholar 

  10. Dachman-Soled, D., Ducas, L., Gong, H., Rossi, M.: LWE with side information: attacks and concrete security estimation. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12171, pp. 329–358. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56880-1_12

    Chapter  Google Scholar 

  11. Ducas, L., Durmus, A., Lepoint, T., Lyubashevsky, V.: Lattice signatures and bimodal Gaussians. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 40–56. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_3

    Chapter  Google Scholar 

  12. Ducas, L., Nguyen, P.Q.: Faster Gaussian lattice sampling using lazy floating-point arithmetic. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 415–432. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_26

    Chapter  Google Scholar 

  13. Ducas, L., Nguyen, P.Q.: Learning a zonotope and more: cryptanalysis of NTRUSign countermeasures. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 433–450. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_27

    Chapter  Google Scholar 

  14. Ducas, L., Prest, T.: Fast Fourier orthogonalization. In: Proceedings of the ACM on International Symposium on Symbolic and Algebraic Computation, ISSAC 2016, Association for Computing Machinery, New York, NY, USA, pp. 191–198 (2016). https://doi.org/10.1145/2930889.2930923

  15. Ducas, L., van Woerden, W.P.J.: On the lattice isomorphism problem, quadratic forms, remarkable lattices, and cryptography. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022, Part III. LNCS, vol. 13277, pp. 643–673. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-07082-2_23

    Chapter  Google Scholar 

  16. Ducas, L., Postlethwaite, E.W., Pulles, L.N., van Woerden, W.: Hawk: Module LIP makes lattice signatures fast, compact and simple. Cryptology ePrint Archive, Paper 2022/1155 (2022). https://eprint.iacr.org/2022/1155

  17. Espitau, T., et al.: Mitaka: a simpler, parallelizable, maskable variant of falcon. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022, Part III. LNCS, vol. 13277, pp. 222–253. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-07082-2_9

    Chapter  Google Scholar 

  18. Genise, N., Micciancio, D.: Faster Gaussian sampling for trapdoor lattices with arbitrary modulus. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 174–203. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78381-9_7

    Chapter  Google Scholar 

  19. Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Ladner, R.E., Dwork, C., (eds.) 40th ACM STOC, pp. 197–206. ACM Press (2008). https://doi.org/10.1145/1374376.1374407

  20. Gentry, C., Szydlo, M.: Cryptanalysis of the revised NTRU signature scheme. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 299–320. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_20

    Chapter  Google Scholar 

  21. Golomb, S.: Run-length encodings (corresp.). IEEE Trans. Inf. Theory 12(3), 399–401 (1966). https://doi.org/10.1109/TIT.1966.1053907

  22. Hoffstein, J., Howgrave-Graham, N., Pipher, J., Silverman, J.H., Whyte, W.: NTRUSign: digital signatures using the NTRU lattice. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 122–140. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36563-X_9

    Chapter  Google Scholar 

  23. Kirchner, P.: Algorithms on ideal over complex multiplication order. Cryptology ePrint Archive, Report 2016/220 (2016). https://eprint.iacr.org/2016/220

  24. Lenstra, H.W., Silverberg, A.: Lattices with symmetry. J. Cryptol. 30(3), 760–804 (2016). https://doi.org/10.1007/s00145-016-9235-7

    Article  MATH  Google Scholar 

  25. Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_1

    Chapter  Google Scholar 

  26. Micciancio, D., Regev, O.: Worst-case to average-case reductions based on Gaussian measures. SIAM J. Comput. 37(1), 267–302 (2007). https://doi.org/10.1137/S0097539705447360

    Article  MATH  Google Scholar 

  27. Nguyen, P.Q., Regev, O.: Learning a parallelepiped: cryptanalysis of GGH and NTRU signatures. J. Cryptol. 22(2), 139–160 (2008). https://doi.org/10.1007/s00145-008-9031-0

    Article  MATH  Google Scholar 

  28. Peikert, C.: An efficient and parallel Gaussian sampler for lattices. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 80–97. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_5

    Chapter  Google Scholar 

  29. Pornin, T., Prest, T.: More efficient algorithms for the NTRU key generation using the field norm. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11443, pp. 504–533. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17259-6_17

    Chapter  MATH  Google Scholar 

  30. Postlethwaite, E.W., Virdia, F.: On the success probability of solving unique SVP via BKZ. In: Garay, J.A. (ed.) PKC 2021. LNCS, vol. 12710, pp. 68–98. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75245-3_4

    Chapter  Google Scholar 

  31. Prest, T.: Gaussian sampling in lattice-based cryptography. Ph.D. thesis, Ecole normale supérieure-ENS PARIS (2015)

    Google Scholar 

  32. Prest, T., et al.: FALCON. Technical report, National Institute of Standards and Technology (2020). https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions

  33. Szydlo, M.: Hypercubic lattice reduction and analysis of GGH and NTRU signatures. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 433–448. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_27

    Chapter  Google Scholar 

  34. T.F. development team: fpylll, a Python wraper for the fplll lattice reduction library, Version: 0.5.6 (2021). https://github.com/fplll/fpylll

Download references

Acknowledgments

The authors thank Nick Genise, Shane Gibbons, Thomas Prest, Noah Stephens-Davidowitz and the anonymous reviewers for helpful discussions and useful feedback. W. van Woerden was supported by the ERC-ADG-ALGSTRONGCRYPTO project (no. 740972). The research of L. Ducas and E.W. Postlethwaite was supported by the European Union’s H2020 Programme under PROMETHEUS project (grant 780701). L. Ducas and L.N. Pulles were supported by the ERC-StG-ARTICULATE project (no. 947821).

Author information

Authors and Affiliations

  1. CWI, Cryptology Group, Amsterdam, The Netherlands

    Léo Ducas, Eamonn W. Postlethwaite, Ludo N. Pulles & Wessel van Woerden

  2. Mathematical Institute, Leiden University, Leiden, The Netherlands

    Léo Ducas

Authors
  1. Léo Ducas
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Eamonn W. Postlethwaite
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ludo N. Pulles
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Wessel van Woerden
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Eamonn W. Postlethwaite .

Editor information

Editors and Affiliations

  1. Indian Institute of Technology Madras, Chennai, India

    Shweta Agrawal

  2. Chinese Academy of Sciences, Beijing, China

    Dongdai Lin

Rights and permissions

Reprints and permissions

Copyright information

© 2022 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ducas, L., Postlethwaite, E.W., Pulles, L.N., Woerden, W.v. (2022). Hawk: Module LIP Makes Lattice Signatures Fast, Compact and Simple. In: Agrawal, S., Lin, D. (eds) Advances in Cryptology – ASIACRYPT 2022. ASIACRYPT 2022. Lecture Notes in Computer Science, vol 13794. Springer, Cham. https://doi.org/10.1007/978-3-031-22972-5_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-22972-5_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22971-8

  • Online ISBN: 978-3-031-22972-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation