Cryptology ePrint Archive: Report 2015/755

Revisiting TESLA in the quantum random oracle model

Erdem Alkim and Nina Bindel and Johannes Buchmann and Özgür Dagdelen and Edward Eaton and Gus Gutoski and Juliane Krämer and Filip Pawlega

Abstract: We study a scheme of Bai and Galbraith (CT-RSA’14), also known as TESLA. TESLA was thought to have a tight security reduction from the learning with errors problem (LWE) in the random oracle model (ROM). Moreover, a variant using chameleon hash functions was lifted to the quantum random oracle model (QROM). However, both reductions were later found to be flawed and hence it remained unresolved until now whether TESLA can be proven to be tightly secure in the (Q)ROM. In the present paper we provide an entirely new, tight security reduction for TESLA from LWE in the QROM (and thus in the ROM). Our security reduction involves the adaptive re-programming of a quantum oracle. Furthermore, we propose parameter sets targeting 128 bits of security against both classical and quantum adversaries and compare TESLA’s performance with state-of-the-art signature schemes.

Category / Keywords: Quantum Random Oracle, Post Quantum Cryptography, Lattice-Based Cryptography, Signature Scheme, Tight Security Reduction

Original Publication (with major differences): PQCrypto 2017; The Eighth International Conference on Post-Quantum Cryptography

Date: received 29 Jul 2015, last revised 4 May 2017

Contact author: nbindel at cdc informatik tu-darmstadt de

Available format(s): PDF | BibTeX Citation

Version: 20170504:073010 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]