
Evaluating the security of CRYSTALS-Dilithium in the quantum random oracle model (2312.16619v2)

Published 27 Dec 2023 in cs.CR and quant-ph

Abstract: In the wake of recent progress on quantum computing hardware, the National Institute of Standards and Technology (NIST) is standardizing cryptographic protocols that are resistant to attacks by quantum adversaries. The primary digital signature scheme that NIST has chosen is CRYSTALS-Dilithium. The hardness of this scheme is based on the hardness of three computational problems: Module Learning with Errors (MLWE), Module Short Integer Solution (MSIS), and SelfTargetMSIS. MLWE and MSIS have been well-studied and are widely believed to be secure. However, SelfTargetMSIS is novel and, though classically as hard as MSIS, its quantum hardness is unclear. In this paper, we provide the first proof of the hardness of SelfTargetMSIS via a reduction from MLWE in the Quantum Random Oracle Model (QROM). Our proof uses recently developed techniques in quantum reprogramming and rewinding. A central part of our approach is a proof that a certain hash function, derived from the MSIS problem, is collapsing. From this approach, we deduce a new security proof for Dilithium under appropriate parameter settings. Compared to the previous work by Kiltz, Lyubashevsky, and Schaffner (EUROCRYPT 2018) that gave the only other rigorous security proof for a variant of Dilithium, our proof has the advantage of being applicable under the condition q = 1 mod 2n, where q denotes the modulus and n the dimension of the underlying algebraic ring. This condition is part of the original Dilithium proposal and is crucial for the efficient implementation of the scheme. We provide new secure parameter sets for Dilithium under the condition q = 1 mod 2n, finding that our public key size and signature size are about 2.9 times and 1.3 times larger, respectively, than those proposed by Kiltz et al. at the same security level.
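The abstract singles out the condition q = 1 mod 2n as the point where this proof improves on Kiltz, Lyubashevsky and Schaffner, and notes that the condition is crucial for efficient implementation. The following Python is an added illustration, not code from the paper or from the Dilithium project: it checks the condition for the CRYSTALS-Dilithium parameters q = 8380417 and n = 256 (taken from the Dilithium specification; the abstract does not state them) and exhibits why the condition matters: Z_q then contains a primitive 2n-th root of unity, so X^n + 1 splits into n distinct linear factors over Z_q, which is exactly what a number-theoretic transform over Z_q[X]/(X^n + 1) requires.

```python
# Added example (not from the paper or the Dilithium reference code).
# Q and N are the CRYSTALS-Dilithium parameters from the specification;
# the abstract itself does not state them. Q is prime.
Q = 8380417  # = 2^23 - 2^13 + 1
N = 256


def satisfies_ntt_condition(q: int, n: int) -> bool:
    """True iff q ≡ 1 (mod 2n), the condition under which the paper's proof applies."""
    return q % (2 * n) == 1


def _prime_factors(m: int) -> set:
    """Set of prime factors of m (trial division; m is small here)."""
    factors, p = set(), 2
    while p * p <= m:
        while m % p == 0:
            factors.add(p)
            m //= p
        p += 1
    if m > 1:
        factors.add(m)
    return factors


def find_primitive_root_of_unity(q: int, order: int) -> int:
    """Return an element of Z_q with exact multiplicative order `order`.

    Requires q prime and order | (q - 1). With order = 2n this is the
    primitive 2n-th root of unity that q ≡ 1 (mod 2n) guarantees to exist.
    """
    if (q - 1) % order != 0:
        raise ValueError("order must divide q - 1")
    cofactor = (q - 1) // order
    primes = _prime_factors(order)
    for g in range(2, q):
        zeta = pow(g, cofactor, q)        # zeta^order == 1 by Fermat
        # exact order: no proper divisor order/p already gives 1
        if all(pow(zeta, order // p, q) != 1 for p in primes):
            return zeta
    raise ValueError("no element of the requested order found")


def roots_of_x_n_plus_1(q: int, n: int) -> list:
    """All n roots of X^n + 1 in Z_q: the odd powers of a primitive 2n-th root of unity.

    zeta^n = -1 because zeta has order exactly 2n, hence (zeta^(2i+1))^n = -1.
    A full set of n distinct roots is what lets X^n + 1 split into linear
    factors, so multiplication in Z_q[X]/(X^n + 1) reduces to pointwise
    products (the NTT).
    """
    if not satisfies_ntt_condition(q, n):
        raise ValueError("q ≡ 1 (mod 2n) is required for X^n + 1 to split completely")
    zeta = find_primitive_root_of_unity(q, 2 * n)
    roots = [pow(zeta, 2 * i + 1, q) for i in range(n)]
    assert all((pow(r, n, q) + 1) % q == 0 for r in roots)
    return roots


if __name__ == "__main__":
    print("q ≡ 1 (mod 2n):", satisfies_ntt_condition(Q, N))
    zeta = find_primitive_root_of_unity(Q, 2 * N)
    print("primitive 2n-th root of unity:", zeta, "zeta^n mod q =", pow(zeta, N, Q))
    print("distinct roots of X^n + 1 in Z_q:", len(set(roots_of_x_n_plus_1(Q, N))))
```

The contrast case is a modulus that is not 1 mod 2n: `satisfies_ntt_condition` then returns False and `roots_of_x_n_plus_1` refuses to proceed, because X^n + 1 no longer splits into linear factors over Z_q and a full-size NTT is unavailable. That is the efficiency cost the abstract alludes to when it calls the condition crucial for implementation.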

References (34)
  1. M. Ajtai “Generating Hard Instances of Lattice Problems” In Proceedings of the 28th ACM Symposium on the Theory of Computing (STOC) Philadelphia, Pennsylvania, USA: Association for Computing Machinery, 1996, pp. 99–108 DOI: 10.1145/237814.237838
  2. “Status report on the third round of the NIST post-quantum cryptography standardization process” In US Department of Commerce, NIST, 2022 DOI: 10.6028/NIST.IR.8413-upd1
  3. “Revisiting the Expected Cost of Solving uSVP and Applications to LWE” In Advances in Cryptology – ASIACRYPT 2017 Cham: Springer International Publishing, 2017, pp. 297–322 DOI: 10.1007/978-3-319-70694-8_11
  4. “Post-quantum Key Exchange—A New Hope” In 25th USENIX Security Symposium (USENIX Security 16) Austin, TX: USENIX Association, 2016, pp. 327–343
  5. “CRYSTALS-Dilithium: Algorithm Specifications and Supporting Documentation (Version 3.1)” Current: https://pq-crystals.org/dilithium/resources.shtml; stable: https://doi.org/10.13154/tches.v2018.i1.238-268, 2021
  6. “Fixing and Mechanizing the Security Proof of Fiat-Shamir with Aborts and Dilithium” In Advances in Cryptology – CRYPTO 2023 Cham: Springer Nature Switzerland, 2023, pp. 358–389 DOI: 10.1007/978-3-031-38554-4_12
  7. “Multi-Signatures in the Plain Public-Key Model and a General Forking Lemma” In Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS ’06 Alexandria, Virginia, USA: Association for Computing Machinery, 2006, pp. 390–399 DOI: 10.1145/1180405.1180453
  8. “Random Oracles in a Quantum World” In Advances in Cryptology – ASIACRYPT 2011 Berlin, Heidelberg: Springer Berlin Heidelberg, 2011, pp. 41–69 DOI: 10.1007/978-3-642-25385-0_3
  9. Yuanmi Chen and Phong Q. Nguyen “BKZ 2.0: Better Lattice Security Estimates” In Advances in Cryptology – ASIACRYPT 2011 Berlin, Heidelberg: Springer Berlin Heidelberg, 2011, pp. 1–20 DOI: 10.1007/978-3-642-25385-0_1
  10. “A Detailed Analysis of Fiat-Shamir with Aborts” In Advances in Cryptology – CRYPTO 2023 Cham: Springer Nature Switzerland, 2023, pp. 327–357 DOI: 10.1007/978-3-031-38554-4_11
  11. Jelle Don, Serge Fehr and Christian Majenz “The Measure-and-Reprogram Technique 2.0: Multi-round Fiat-Shamir and More” In Advances in Cryptology – CRYPTO 2020 Cham: Springer International Publishing, 2020, pp. 602–631 DOI: 10.1007/978-3-030-56877-1_21
  12. “On the Necessity of Collapsing for Post-Quantum and Quantum Commitments” In 18th Conference on the Theory of Quantum Computation, Communication and Cryptography (TQC 2023) 266, Leibniz International Proceedings in Informatics (LIPIcs) Dagstuhl, Germany: Schloss Dagstuhl – Leibniz-Zentrum für Informatik, 2023, pp. 2:1–2:23 DOI: 10.4230/LIPIcs.TQC.2023.2
  13. Lov K. Grover “A fast quantum mechanical algorithm for database search” In Proceedings of the 28th ACM Symposium on the Theory of Computing (STOC), 1996, pp. 212–219 DOI: 10.1145/237814.237866
  14. “Implementing Grover Oracles for Quantum Key Search on AES and LowMC” In Advances in Cryptology – EUROCRYPT 2020 Cham: Springer International Publishing, 2020, pp. 280–310 DOI: 10.1007/978-3-030-45724-2_10
  15. Eike Kiltz, Vadim Lyubashevsky and Christian Schaffner “A Concrete Treatment of Fiat-Shamir Signatures in the Quantum Random-Oracle Model” In Advances in Cryptology – EUROCRYPT 2018 Cham: Springer International Publishing, 2018, pp. 552–586 DOI: 10.1007/978-3-319-78372-7_18
  16. Thijs Laarhoven “Search problems in cryptography: from fingerprinting to lattice sieving” Technische Universiteit Eindhoven, 2016
  17. “Number Theoretic Transform: Generalization, Optimization, Concrete Analysis and Applications” In Information Security and Cryptology Cham: Springer International Publishing, 2021, pp. 415–432 DOI: 10.1007/978-3-030-71852-7_28
  18. Jiahui Liu, Hart Montgomery and Mark Zhandry “Another Round of Breaking and Making Quantum Money: How To Not Build It From Lattices, And More” In Advances in Cryptology – EUROCRYPT 2023 Cham: Springer Nature Switzerland, 2023, pp. 611–638 DOI: 10.1007/978-3-031-30545-0_21
  19. “One-Shot Verifiable Encryption from Lattices” In Advances in Cryptology – EUROCRYPT 2017 Cham: Springer International Publishing, 2017, pp. 293–323 DOI: 10.1007/978-3-319-56620-7_11
  20. “Worst-Case to Average-Case Reductions for Module Lattices” In Designs, Codes and Cryptography 75, 2015, pp. 565–599 DOI: 10.1007/s10623-014-9938-4
  21. Vadim Lyubashevsky “Lattice Signatures without Trapdoors” In Advances in Cryptology – EUROCRYPT 2012 Berlin, Heidelberg: Springer Berlin Heidelberg, 2012, pp. 738–755 DOI: 10.1007/978-3-642-29011-4_43
  22. “Revisiting Post-quantum Fiat-Shamir” In Advances in Cryptology – CRYPTO 2019 Cham: Springer International Publishing, 2019, pp. 326–355 DOI: 10.1007/978-3-030-26951-7_12
  23. “Hardness of SIS and LWE with Small Parameters” In Advances in Cryptology – CRYPTO 2013 Berlin, Heidelberg: Springer Berlin Heidelberg, 2013, pp. 21–39
  24. “Lattice-based Cryptography” In Post-Quantum Cryptography Berlin, Heidelberg: Springer Berlin Heidelberg, 2009, pp. 147–191 DOI: 10.1007/978-3-540-88702-7_5
  25. “Module-Lattice-Based Digital Signature Standard”, 2023 DOI: 10.6028/NIST.FIPS.204.ipd
  26. Chris Peikert “Limits on the Hardness of Lattice Problems in lp Norms” In Twenty-Second Annual IEEE Conference on Computational Complexity (CCC’07), 2007, pp. 333–346 DOI: 10.1109/CCC.2007.12
  27. Chris Peikert “A Decade of Lattice Cryptography” In Found. Trends Theor. Comput. Sci. 10.4 Hanover, MA, USA: Now Publishers Inc., 2016, pp. 283–424 DOI: 10.1561/0400000074
  28. Oded Regev “On Lattices, Learning with Errors, Random Linear Codes, and Cryptography” In J. ACM 56.6 New York, NY, USA: Association for Computing Machinery, 2009 DOI: 10.1145/1568318.1568324
  29. “Lattice basis reduction: Improved practical algorithms and solving subset sum problems” In Mathematical Programming 66.1, 1994, pp. 181–199 DOI: 10.1007/BF01581144
  30. Dominique Unruh “Quantum Proofs of Knowledge” In Advances in Cryptology – EUROCRYPT 2012 Berlin, Heidelberg: Springer Berlin Heidelberg, 2012, pp. 135–152 DOI: 10.1007/978-3-642-29011-4_10
  31. Dominique Unruh “Collapse-Binding Quantum Commitments Without Random Oracles” In Advances in Cryptology – ASIACRYPT 2016 Berlin, Heidelberg: Springer Berlin Heidelberg, 2016, pp. 166–195 DOI: 10.1007/978-3-662-53890-6_6
  32. “Revisiting the Concrete Hardness of SelfTargetMSIS in CRYSTALS-Dilithium” iacr:2022/1601, Cryptology ePrint Archive, Paper 2022/1601, 2022
  33. Mark Zhandry “Secure Identity-Based Encryption in the Quantum Random Oracle Model” In Advances in Cryptology – CRYPTO 2012 Berlin, Heidelberg: Springer Berlin Heidelberg, 2012, pp. 758–775 DOI: 10.1007/978-3-642-32009-5_44
  34. Mark Zhandry “A note on the quantum collision and set equality problems” In Quantum Information and Computation 15.7-8 Rinton Press Inc., 2015, pp. 557–567 DOI: 10.26421/QIC15.7-8-2