Paper 2024/1291
Raccoon: A Masking-Friendly Signature Proven in the Probing Model
Abstract
This paper presents Raccoon, a lattice-based signature scheme submitted to the NIST 2022 call for additional post-quantum signatures. Raccoon has the specificity of always being masked. Concretely, all sensitive intermediate values are shared into $d$ parts. The main design rationale of Raccoon is to be easy to mask at high orders, and this dictated most of its design choices, such as the introduction of new algorithmic techniques for sampling small errors. As a result, Raccoon achieves a masking overhead $O(d \log d)$ that compares favorably with the overheads $O(d^2 \log q)$ observed when masking standard lattice signatures. In addition, we formally prove the security of Raccoon in the $t$-probing model: an attacker is able to probe $t \le d - 1$ shares during each execution of the main algorithms (key generation, signing, verification). While for most cryptographic schemes the black-box $t$-probing security can be studied in isolation, in Raccoon this analysis is performed jointly. To that end, a bridge must be made between the black-box game-based EUF-CMA proof and the usual simulation proofs of the ISW model (CRYPTO 2003). We formalize an end-to-end masking proof by deploying the probing EUF-CMA introduced by Barthe et al. (Eurocrypt 2018) and exhibiting the simulators of the non-interference properties (Barthe et al., CCS 2016). The proof is divided into three novel parts:
- a simulation proof in the ISW model that allows the dependency to be propagated to a restricted number of inputs and random coins,
- a game-based proof showing that the security of Raccoon with probes can be reduced to an instance of Raccoon with smaller parameters,
- a parameter study to ensure that the smaller instance is secure, using a robust generalization of the Rényi divergence.

While we apply our techniques to Raccoon, we expect that the algorithmic and proof techniques we introduce will be helpful for the design and analysis of future masking-friendly schemes.
Note: This is the conference version for CRYPTO 2024. This submission will be updated to fit the eprint format.
Metadata
- Category: Public-key cryptography
- Publication info: Published by the IACR in CRYPTO 2024
- Keywords: Raccoon signature, $t$-probing model, side-channel attacks
- Contact author(s):
  - rafael del pino @ pqshield com
  - shuichi katsumata @ pqshield com
  - thomas prest @ pqshield com
  - melissa mv rossi @ gmail com
- History:
  - 2024-08-20: approved
  - 2024-08-16: received
- Short URL: https://ia.cr/2024/1291
- License: CC BY
BibTeX
@misc{cryptoeprint:2024/1291,
  author = {Rafaël del Pino and Shuichi Katsumata and Thomas Prest and Mélissa Rossi},
  title = {Raccoon: A Masking-Friendly Signature Proven in the Probing Model},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/1291},
  year = {2024},
  url = {https://eprint.iacr.org/2024/1291}
}