Paper 2021/1699

A Compact Digital Signature Scheme Based on the Module-LWR problem*

Hiroki Okada, Atsushi Takayasu, Kazuhide Fukushima, Shinsaku Kiyomoto, and Tsuyoshi Takagi


We propose a lattice-based digital signature scheme MLWRSign by modifying Dilithium, which is one of the third-Round finalists of NIST’s call for post-quantum cryptographic standards. To the best of our knowledge, our scheme MLWRSign is the first signature scheme whose security is based on the (module) learning with rounding (LWR) problem. Due to the simplicity of the LWR, the secret key size is reduced by approximately 30% in our scheme compared to Dilithium, while achieving the same level of security. Moreover, we implemented MLWRSign and observed that the running time of MLWRSign is comparable to that of Dilithium.

Note: This paper is a revised version of [OTF+21]. We have corrected an error in Eq. (3), and slightly modified the Sign procedure of MLWRSign. See Appendix A for the details.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Minor revision. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E104.A(9), pp. 1219–1234
Lattice CryptographyDigital SignaturesLearning with Rounding
Contact author(s)
ir-okada @ kddi-research jp
2021-12-30: received
Short URL
Creative Commons Attribution


      author = {Hiroki Okada and Atsushi Takayasu and Kazuhide Fukushima and Shinsaku Kiyomoto and Tsuyoshi Takagi},
      title = {A Compact Digital Signature Scheme Based on the Module-{LWR} problem*},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1699},
      year = {2021},
      doi = {10.1587/transfun.2020DMP0012},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.