CryptoDB
Joost Rijneveld
Publications
Year
Venue
Title
2018
PKC
SOFIA: $\mathcal {MQ}$MQ-Based Signatures in the QROM
Abstract
We propose SOFIA, the first $$\mathcal {MQ}$$MQ-based signature scheme provably secure in the quantum-accessible random oracle model (QROM). Our construction relies on an extended version of Unruh’s transform for 5-pass identification schemes that we describe and prove secure both in the ROM and QROM.Based on a detailed security analysis, we provide concrete parameters for SOFIA that achieve 128-bit post-quantum security. The result is SOFIA-4-128 with parameters carefully optimized to minimize signature size and maximize performance. SOFIA-4-128 comes with an implementation targeting recent Intel processors with the AVX2 vector-instruction set; the implementation is fully protected against timing attacks.
2017
CHES
High-Speed Key Encapsulation from NTRU
Abstract
This paper presents software demonstrating that the 20-year-old NTRU cryptosystem is competitive with more recent lattice-based cryptosystems in terms of speed, key size, and ciphertext size. We present a slightly simplified version of textbook NTRU, select parameters for this encryption scheme that target the 128-bit post-quantum security level, construct a KEM that is CCA2-secure in the quantum random oracle model, and present highly optimized software targeting Intel CPUs with the AVX2 vector instruction set. This software takes only 307 914 cycles for the generation of a keypair, 48 646 for encapsulation, and 67 338 for decapsulation. It is, to the best of our knowledge, the first NTRU software with full protection against timing attacks.
Coauthors
- Ming-Shing Chen (2)
- Andreas Hülsing (5)
- Joost Rijneveld (5)
- Simona Samardjiska (2)
- John M. Schanck (1)
- Peter Schwabe (4)
- Fang Song (1)