Plover: Masking-Friendly Hash-and-Sign Lattice Signatures

Muhammed F. Esgin; Thomas Espitau; Guilhem Niot; Thomas Prest; Amin Sakzad; Ron Steinfeld

Paper 2024/401

Plover: Masking-Friendly Hash-and-Sign Lattice Signatures

Muhammed F. Esgin

, Monash University

Thomas Espitau

, PQShield

Guilhem Niot

, PQShield

Thomas Prest

, PQShield

Amin Sakzad

, Monash University

Ron Steinfeld

, Monash University

Abstract

We introduce a toolkit for transforming lattice-based hash-and-sign signature schemes into masking-friendly signatures secure in the t-probing model. Until now, efficiently masking lattice-based hash-and-sign schemes has been an open problem, with unsuccessful attempts such as Mitaka. A first breakthrough was made in 2023 with the NIST PQC submission Raccoon, although it was not formally proven. Our main conceptual contribution is to realize that the same principles underlying Raccoon are very generic, and to find a systematic way to apply them within the hash-and-sign paradigm. Our main technical contribution is to formalize, prove, instantiate and implement a hash-and-sign scheme based on these techniques. Our toolkit includes noise flooding to mitigate statistical leaks, and an extended Strong Non-Interfering probing security (SNIu) property to handle masked gadgets with unshared inputs. We showcase the efficiency of our techniques in a signature scheme, Plover, based on (hint) Ring-LWE. It is the first lattice-based masked hash-and-sign scheme with quasi-linear complexity O(d log d) in the number of shares d. Our performances are competitive with the state-of-the-art masking-friendly signature, the Fiat-Shamir scheme Raccoon.

Metadata

Available format(s): PDF
Category: Public-key cryptography
Publication info: A major revision of an IACR publication in EUROCRYPT 2024
Keywords: digital signature hash-and-sign masking-friendly post-quantum lattice
Contact author(s): muhammed esgin @ monash edu
thomas @ espitau com
guilhem @ gniot fr
thomas prest @ pqshield com
amin sakzad @ monash edu
ron steinfeld @ monash edu
History: 2024-03-08: approved; 2024-03-05: received; See all versions
Short URL: https://ia.cr/2024/401
License: CC BY

BibTeX

@misc{cryptoeprint:2024/401,
      author = {Muhammed F. Esgin and Thomas Espitau and Guilhem Niot and Thomas Prest and Amin Sakzad and Ron Steinfeld},
      title = {Plover: Masking-Friendly Hash-and-Sign Lattice Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2024/401},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/401}},
      url = {https://eprint.iacr.org/2024/401}
}