Paper 2019/548

About Wave Implementation and its Leakage Immunity

Thomas Debris-Alazard, Nicolas Sendrier, and Jean-Pierre Tillich


Wave is a recent digital signature scheme. It is based on a family of trapdoor one-way Preimage Sampleable Functions and is proven EUF-CMA in the random oracle model under two code-based computational assumptions. One of its key properties is that it produces uniformly distributed signatures of fixed Hamming weight. This property implies that, if properly implemented, Wave is immune to leakage attacks. We describe here the key stages for the implementation of the Wave trapdoor inverse function, integrating all the features needed to achieve leakage-freeness. A proof-of-concept implementation was made in SageMath and in C. It allowed us to check that properly generated Wave signatures are uniformly distributed.

Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
preimage sampleable function, hash and sign signature, provable security, code-based crypto
Contact author(s)
nicolas sendrier @ inria fr
thomas debris @ inria fr
jean-pierre tillich @ inria fr
2019-10-29: revised
2019-05-23: received
Creative Commons Attribution


BibTeX
@misc{cryptoeprint:2019/548,
      author = {Thomas Debris-Alazard and Nicolas Sendrier and Jean-Pierre Tillich},
      title = {About Wave Implementation and its Leakage Immunity},
      howpublished = {Cryptology ePrint Archive, Paper 2019/548},
      year = {2019},
      note = {\url{}},
      url = {}
}