Abstract

Recently, a number of side-channel attacks were launched on lattice-based signatures based on “Fiat-Shamir with aborts”. This shows that signatures based on Fiat-Shamir with aborts are vulnerable to side-channel attacks. In this paper, we construct a lattice-based signature scheme based on the Fiat-Shamir framework without aborts, and instantiate it over NTRU lattices. The proposed signature is proved to be secure in the random oracle model under some newly defined problems. We also prove the hardness of these new problems and show that the search RLWE problem is as hard as these newly defined problems. The public key size, secret key size and signature size of the proposed signature scheme are 1920 bytes, 512 bytes and 4096 bytes respectively for 180-bit quantum security level. The key and signature sizes of the proposed signature are comparable to those of the currently known signatures, such as Dilithium, Falcon, qTESLA, MLS, BCM and MITAKA.
