Transactions on Cryptographic Hardware and Embedded Systems (Jul 2024)

HAETAE: Shorter Lattice-Based Fiat-Shamir Signatures

  • Jung Hee Cheon,
  • Hyeongmin Choe,
  • Julien Devevey,
  • Tim Güneysu,
  • Dongyeon Hong,
  • Markus Krausz,
  • Georg Land,
  • Marc Möller,
  • Damien Stehlé,
  • MinJune Yi

DOI
https://doi.org/10.46586/tches.v2024.i3.25-75
Journal volume & issue
Vol. 2024, no. 3

Abstract

Read online

We present HAETAE (Hyperball bimodAl modulE rejecTion signAture schemE), a new lattice-based signature scheme. Like the NIST-selected Dilithium signature scheme, HAETAE is based on the Fiat-Shamir with Aborts paradigm, but our design choices target an improved complexity/compactness compromise that is highly relevant for many space-limited application scenarios. We primarily focus on reducing signature and verification key sizes so that signatures fit into one TCP or UDP datagram while preserving a high level of security against a variety of attacks. As a result, our scheme has signature and verification key sizes up to 39% and 25% smaller, respectively, compared than Dilithium. We provide a portable, constanttime reference implementation together with an optimized implementation using AVX2 instructions and an implementation with reduced stack size for the Cortex-M4. Moreover, we describe how to efficiently protect HAETAE against implementation attacks such as side-channel analysis, making it an attractive candidate for use in IoT and other embedded systems.

Keywords