CryptoDB
HAETAE: Shorter Lattice-Based Fiat-Shamir Signatures
| Authors: | Jung Hee Cheon, Hyeongmin Choe, Julien Devevey, Tim Güneysu, Dongyeon Hong, Markus Krausz, Georg Land, Marc Möller, Damien Stehlé, MinJune Yi |
|---|---|
| Abstract: | We present HAETAE (Hyperball bimodAl modulE rejecTion signAture schemE), a new lattice-based signature scheme. Like the NIST-selected Dilithium signature scheme, HAETAE is based on the Fiat-Shamir with Aborts paradigm, but our design choices target an improved complexity/compactness compromise that is highly relevant for many space-limited application scenarios. We primarily focus on reducing signature and verification key sizes so that signatures fit into one TCP or UDP datagram while preserving a high level of security against a variety of attacks. As a result, our scheme has signature and verification key sizes up to 39% and 25% smaller, respectively, compared to Dilithium. We provide a portable, constant-time reference implementation together with an optimized implementation using AVX2 instructions and an implementation with reduced stack size for the Cortex-M4. Moreover, we describe how to efficiently protect HAETAE against implementation attacks such as side-channel analysis, making it an attractive candidate for use in IoT and other embedded systems. |
BibTeX
@article{tches-2024-34435,
title={HAETAE: Shorter Lattice-Based Fiat-Shamir Signatures},
journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
publisher={Ruhr-Universität Bochum},
volume={2024},
pages={25-75},
url={https://tches.iacr.org/index.php/TCHES/article/view/11669},
doi={10.46586/tches.v2024.i3.25-75},
author={Jung Hee Cheon and Hyeongmin Choe and Julien Devevey and Tim Güneysu and Dongyeon Hong and Markus Krausz and Georg Land and Marc Möller and Damien Stehlé and MinJune Yi},
year=2024
}