Paper 2024/401

Plover: Masking-Friendly Hash-and-Sign Lattice Signatures

Muhammed F. Esgin, Monash University
Thomas Espitau, PQShield
Guilhem Niot, PQShield
Thomas Prest, PQShield
Amin Sakzad, Monash University
Ron Steinfeld, Monash University

We introduce a toolkit for transforming lattice-based hash-and-sign signature schemes into masking-friendly signatures secure in the t-probing model. Until now, efficiently masking lattice-based hash-and-sign schemes has been an open problem, with unsuccessful attempts such as Mitaka. A first breakthrough was made in 2023 with the NIST PQC submission Raccoon, although it was not formally proven. Our main conceptual contribution is to realize that the same principles underlying Raccoon are very generic, and to find a systematic way to apply them within the hash-and-sign paradigm. Our main technical contribution is to formalize, prove, instantiate and implement a hash-and-sign scheme based on these techniques. Our toolkit includes noise flooding to mitigate statistical leaks, and an extended Strong Non-Interfering probing security (SNIu) property to handle masked gadgets with unshared inputs. We showcase the efficiency of our techniques in a signature scheme, Plover, based on (hint) Ring-LWE. It is the first lattice-based masked hash-and-sign scheme with quasi-linear complexity O(d log d) in the number of shares d. Our performances are competitive with the state-of-the-art masking-friendly signature, the Fiat-Shamir scheme Raccoon.

Available format(s)
Public-key cryptography
Publication info
A major revision of an IACR publication in EUROCRYPT 2024
digital signaturehash-and-signmasking-friendlypost-quantumlattice
Contact author(s)
muhammed esgin @ monash edu
thomas @ espitau com
guilhem @ gniot fr
thomas prest @ pqshield com
amin sakzad @ monash edu
ron steinfeld @ monash edu
2024-03-08: approved
2024-03-05: received
See all versions
Short URL
Creative Commons Attribution


      author = {Muhammed F. Esgin and Thomas Espitau and Guilhem Niot and Thomas Prest and Amin Sakzad and Ron Steinfeld},
      title = {Plover: Masking-Friendly Hash-and-Sign Lattice Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2024/401},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.