Litcius/Paper detail

HAETAE: Shorter Lattice-Based Fiat-Shamir Signatures

Jung Hee Cheon, Hyeongmin Choe, Julien Devevey, Tim Güneysu, Dongyeon Hong, Markus Krausz, Georg Land, Marc Möller, Damien Stehlé, MinJune Yi

2024IACR Transactions on Cryptographic Hardware and Embedded Systems24 citationsDOIOpen Access PDF

Abstract

We present HAETAE (Hyperball bimodAl modulE rejecTion signAture schemE), a new lattice-based signature scheme. Like the NIST-selected Dilithium signature scheme, HAETAE is based on the Fiat-Shamir with Aborts paradigm, but our design choices target an improved complexity/compactness compromise that is highly relevant for many space-limited application scenarios. We primarily focus on reducing signature and verification key sizes so that signatures fit into one TCP or UDP datagram while preserving a high level of security against a variety of attacks. As a result, our scheme has signature and verification key sizes up to 39% and 25% smaller, respectively, compared than Dilithium. We provide a portable, constanttime reference implementation together with an optimized implementation using AVX2 instructions and an implementation with reduced stack size for the Cortex-M4. Moreover, we describe how to efficiently protect HAETAE against implementation attacks such as side-channel analysis, making it an attractive candidate for use in IoT and other embedded systems.

Topics & Concepts

Computer scienceSignature (topology)NISTSide channel attackHash functionComputer securityCryptographyMathematicsGeometryNatural language processingCryptography and Data SecurityCryptographic Implementations and SecuritySecurity and Verification in Computing
HAETAE: Shorter Lattice-Based Fiat-Shamir Signatures | Litcius