Pre‐image sample algorithm with irregular Gaussian distribution and construction of identity‐based signature

Bibliographic Details
Published in: Concurrency and Computation, Vol. 29, no. 20
Main Authors: Yan, Jianhua; Wang, Licheng; Li, Jing; Li, Muzi; Yang, Yixan; Yao, Wenbin
Format: Journal Article
Language: English
Published: Hoboken, Wiley Subscription Services, Inc., 25.10.2017
ISSN: 1532-0626, 1532-0634
DOI: 10.1002/cpe.3925

Summary: Lattices have become an attractive cryptographic tool due to their potential resistance to quantum attacks, worst‐case hardness, simple computations, and flexibility. The pre‐image sample algorithm is the most fundamental algorithm in lattice‐based cryptography because of its wide application in various primitives. Currently, the SampleDO sample algorithm due to Micciancio and Peikert (MP) is the most efficient pre‐image sample algorithm. However, this algorithm still requires massive computation. On the one hand, it spends a number of multiplications over the reals cubic in the lattice dimension to set up the matrices used as Gaussian parameters. On the other hand, it needs complex discrete convolution computations. First, this paper proposes an efficient pre‐image sample algorithm whose outputs obey an irregular Gaussian distribution. Two measures are adopted to prevent the leakage of the geometrical property of the trapdoor that irregular Gaussian outputs would otherwise cause: a variant of the MP trapdoor is proposed, and in each sample a new trapdoor is randomly assembled from a large enough space. Although the proposed algorithm still uses a matrix as the Gaussian parameter, its computational cost to set Gaussian parameters is zero. Meanwhile, the computational overhead for every sample is far less than that of the MP sample algorithm. Second, to demonstrate the security and efficiency of the proposed sample algorithm, a hierarchical identity‐based signature scheme is put forward. This scheme is proved existentially unforgeable against selective‐identity, adaptively chosen‐message attacks. Furthermore, the theoretical analysis shows that the proposed identity‐based signature is more efficient than the existing schemes. Copyright © 2016 John Wiley & Sons, Ltd.