Paper 2020/1158
Don't throw your nonces out with the bathwater: Speeding up Dilithium by reusing the tail of y
Daan Sprenkels and Bas Westerbaan
Abstract
We suggest a small change to the Dilithium signature scheme that allows one to reuse computations between rejected nonces, for a speed-up in signing time. The modification is based on the observation that, after rejecting because $\|\mathbf{r}_0\|_\infty$ is too large, not all elements of the nonce $\mathbf{y}$ are spent. We swap the order of the checks, and if this $\mathbf{r}_0$-check fails, we only need to resample $y_1$. We provide a proof that the modification does not affect the security of the scheme. We present measurements of the performance of the modified scheme on AVX2, Cortex-M4, and Cortex-M3, which show a speed-up ranging from 11% for Dilithium2 on M3 to 22% for Dilithium3 on AVX2.
Note: This version of the paper (16 Dec 2012) is based on our previous paper from 22 Sep 2020, which was published under the same name.
Metadata
- Available format(s): PDF
- Category: Public-key cryptography
- Publication info: Preprint. MINOR revision.
- Keywords: Dilithium; Fiat-Shamir with aborts; lattice-based cryptography; AVX2; ARM Cortex-M4; ARM Cortex-M3
- Contact author(s): daan @ dsprenkels com; bas @ westerbaan name
- History:
  - 2021-12-16: revised
  - 2020-09-25: received
  - See all versions
- Short URL: https://ia.cr/2020/1158
- License: CC BY
BibTeX
@misc{cryptoeprint:2020/1158,
  author = {Daan Sprenkels and Bas Westerbaan},
  title = {Don't throw your nonces out with the bathwater: Speeding up Dilithium by reusing the tail of y},
  howpublished = {Cryptology ePrint Archive, Paper 2020/1158},
  year = {2020},
  note = {\url{https://eprint.iacr.org/2020/1158}},
  url = {https://eprint.iacr.org/2020/1158}
}