Paper 2023/239

Improved Preimage Sampling for Lattices

Corentin Jeudy, Orange Labs, Applied Crypto Group, Univ Rennes, CNRS, IRISA
Adeline Roux-Langlois, Normandie Univ, UNICAEN, ENSICAEN, CNRS, GREYC
Olivier Sanders, Orange Labs, Applied Crypto Group
Abstract

Preimage Sampling is a fundamental process in lattice-based cryptography whose performance directly affects the one of the cryptographic mechanisms that rely on it. In 2012, Micciancio and Peikert proposed a new way of generating trapdoors (and an associated preimage sampling procedure) with very interesting features. Unfortunately, in some applications such as digital signatures, the performance may not be as competitive as other approaches like Fiat-Shamir with Aborts. In this work we revisit the preimage sampling algorithm proposed by Micciancio and Peikert with different contributions. We first propose a finer analysis of this procedure which results in drastic efficiency gains of up to 50% on the preimage sizes without affecting security. It can thus be used as a drop-in replacement in every construction resorting to it. We then propose a new preimage sampling method which still relies on the trapdoors of Micciancio and Peikert, but that also bridges to the Fiat-Shamir with Aborts signature paradigm by leveraging rejection sampling. It again leads to dramatic gains of up to 75% compared to the original sampling technique. This opens promising perspectives for the efficiency of advanced lattice-based constructions relying on such mechanisms. As an application of our new procedure, we give the first lattice-based aggregate signature supporting public aggregation and that achieves relevant compression compared to the concatenation of individual signatures. Our scheme is proven secure in the aggregate chosen-key model coined by Boneh et al. in 2003, based on the well-studied assumptions Module Learning With Errors and Module Short Integer Solution.

Metadata
Available format(s)
-- withdrawn --
Category
Public-key cryptography
Publication info
Preprint.
Keywords
Lattice-based CryptographyTrapdoorsPreimage SamplingAggregate Signature
Contact author(s)
corentin jeudy @ irisa fr
adeline roux-langlois @ cnrs fr
olivier sanders @ orange com
History
2023-02-22: withdrawn
2023-02-21: received
See all versions
Short URL
https://ia.cr/2023/239
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.