Cryptology ePrint Archive: Report 2018/996

Wave: A New Family of Trapdoor One-Way Preimage Sampleable Functions Based on Codes

Thomas Debris-Alazard and Nicolas Sendrier and Jean-Pierre Tillich

Abstract: We present here a new family of trapdoor one-way functions that are Preimage Sampleable on Average (PSA) based on codes, the Wave-PSA family. The trapdoor function is one-way under two computational assumptions: the hardness of generic decoding for high weights and the indistinguishability of generalized $(U,U+V)$-codes. Our proof follows the GPV strategy [GPV08]. By including rejection sampling, we ensure the proper distribution for the trapdoor inverse output. The domain sampling property of our family is ensured by using and proving a variant of the left-over hash lemma. We instantiate the new Wave-PSA family with ternary generalized $(U,U+V)$-codes to design a ``hash-and-sign'' signature scheme which achieves existential unforgeability under adaptive chosen message attacks (EUF-CMA) in the random oracle model. For 128 bits of classical security, signature sizes are in the order of 13 thousand bits, the public key size in the order of 3 megabytes, and the rejection rate is below one rejection every 100 signatures.

Category / Keywords: public-key cryptography / Code-based Cryptography, Signature Scheme, GPV, Security Proof, Decoding Algorithm

Original Publication (with minor differences): ArXiv

Date: received 16 Oct 2018, last revised 28 Oct 2019

Contact author: thomas debris at inria fr,nicolas sendrier@inria fr,jean-pierre tillich@inria fr

Available format(s): PDF | BibTeX Citation

Version: 20191028:155527 (All versions of this report)

Short URL: ia.cr/2018/996


[ Cryptology ePrint archive ]