In \cite{GPV08}, Gentry, Peikert and Vaikuntanathan proposed a randomized version of Babai's nearest plane algorithm such that the distribution of a reduced vector modulo a secret parallelepiped depends only on the size of the basis used. Using this algorithm and generating large, close to uniform, public keys, they obtained provably secure GGH-like lattice-based signatures. Recently, Stehlé and Steinfeld obtained a provably secure scheme very close to \texttt{NTRUSign} \cite{SS13} (from a theoretical point of view).
In this paper we present an alternative approach to seal the leak of \texttt{NTRUSign}. Instead of modifying the lattices and algorithms used, we compute a classic leaky \texttt{NTRUSign} signature and hide it with Gaussian noise using techniques present in Lyubashevsky's signatures. Our main contributions are thus: a set of strong \texttt{NTRUSign} parameters, obtained by taking into account the latest known attacks against the scheme; and a statistical way to hide the leaky \texttt{NTRU} signature so that this particular instantiation of a CVP-based signature scheme becomes zero-knowledge and secure against forgeries, based on the worst-case hardness of the $\tilde{\mathcal{O}}(N^{1.5})$-Shortest Independent Vector Problem over \texttt{NTRU} lattices. Finally, we give a set of concrete parameters to gauge the efficiency of the obtained signature scheme.
Category / Keywords: Lattice-based Cryptography, Digital Signatures, NTRUSign, Provable Security, SIS

Date: received 18 Jun 2014, last revised 21 Jul 2014

Contact author: jean-christophe deneuville at xlim fr

Version: 20140721:091407

Short URL: ia.cr/2014/484