Paper 2019/1456

ModFalcon: compact signatures based on module NTRU lattices

Chitchanok Chuengsatiansup, Thomas Prest, Damien Stehlé, Alexandre Wallet, and Keita Xagawa


Lattices lead to promising practical post-quantum digital signatures, combining asymptotic efficiency with strong theoretical security guarantees. However, tuning their parameters into practical instantiations is a delicate task. On the one hand, NIST round 2 candidates based on Lyubashevsky's design (such as dilithium and qtesla) allow several tradeoffs between security and efficiency, but at the expense of a large bandwidth consumption. On the other hand, the hash-and-sign falcon signature is much more compact and is still very efficient, but it allows only two security levels, with large compactness and security gaps between them. We introduce a new family of signature schemes based on the falcon design, which relies on module lattices. Our concrete instantiation enjoys the compactness and efficiency of falcon, and allows an intermediate security level. It leads to the most compact lattice-based signature achieving a quantum security above 128 bits.

Note: - updated an affiliation - added acknowledgments

Available format(s)
Public-key cryptography
Publication info
Preprint. MINOR revision.
public-key cryptographyLattice-Based Cryptographymodule latticessignature schemepublic key encryptionNTRU
Contact author(s)
wallet alexandre @ gmail com
damien stehle @ gmail com
thomas prest @ pqshield com
elisaemol @ gmail com
xagawa @ gmail com
2019-12-19: revised
2019-12-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {Chitchanok Chuengsatiansup and Thomas Prest and Damien Stehlé and Alexandre Wallet and Keita Xagawa},
      title = {ModFalcon: compact signatures based on module NTRU lattices},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1456},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.