CryptoDB
Dongyeon Hong
Publications
Year
Venue
Title
2024
TCHES
HAETAE: Shorter Lattice-Based Fiat-Shamir Signatures
Abstract
We present HAETAE (Hyperball bimodAl modulE rejecTion signAture schemE), a new lattice-based signature scheme. Like the NIST-selected Dilithium signature scheme, HAETAE is based on the Fiat-Shamir with Aborts paradigm, but our design choices target an improved complexity/compactness compromise that is highly relevant for many space-limited application scenarios. We primarily focus on reducing signature and verification key sizes so that signatures fit into one TCP or UDP datagram while preserving a high level of security against a variety of attacks. As a result, our scheme has signature and verification key sizes up to 39% and 25% smaller, respectively, compared than Dilithium. We provide a portable, constanttime reference implementation together with an optimized implementation using AVX2 instructions and an implementation with reduced stack size for the Cortex-M4. Moreover, we describe how to efficiently protect HAETAE against implementation attacks such as side-channel analysis, making it an attractive candidate for use in IoT and other embedded systems.
Coauthors
- Jung Hee Cheon (1)
- Hyeongmin Choe (1)
- Julien Devevey (1)
- Tim Güneysu (1)
- Dongyeon Hong (1)
- Markus Krausz (1)
- Georg Land (1)
- Marc Möller (1)
- Damien Stehlé (1)
- MinJune Yi (1)