Abstract. Generally, lattice-based cryptographic primitives offer good performance and allow for strong security reductions. However, the most efficient current lattice-based sig-nature schemes sacrifice (part of its) security to achieve good performance: first, security is based on ideal lattice problems, that might not be as hard as standard lattice problems. Secondly, the security reductions of the most efficient schemes are non-tight; hence, their choices of parameters offer security merely heuristically. Moreover, lattice-based signatures are instantiated for classical adversaries, although they are based on presumably quantum hard problems. Yet, it is not known how such schemes perform in a post-quantum world. We bridge this gap by pr...
It is known that the development of quantum computers will break the cryptographic schemes that are...
Abstract. At CT-RSA 2014 Bai and Galbraith proposed a lattice-based signature scheme optimized for s...
Abstract—Nearly all of the currently used signature schemes, such as RSA or DSA, are based either on...
Building cryptographic schemes upon as many fundamentally different hard problems as possible, seems...
Digital signatures are indispensable for security on the Internet, because they guarantee authentici...
We study a scheme of Bai and Galbraith (CT-RSA’14), also known as TESLA. TESLA was thought to have a...
International audienceWe provide an alternative method for constructing lattice-based digital signat...
Digital signatures and encryption schemes constitute arguably an integral part of cryptographic sche...
Abstract. We provide an alternative method for constructing lattice-based digital signatures which d...
8th International Workshop on Post-Quantum Cryptography, PQCrypto 2017 -- 26 June 2017 through 28 Ju...
In data security, the main objectives one tries to achieve are confidentiality, data integrity and a...
Lattice-based cryptography is a prominent class of cryptographic systems that has been emerged as on...
International audienceAs the advent of general-purpose quantum computers appears to be drawing close...
Public-key cryptography is an indispensable component used in almost all of our present-day digital ...
One essential quest in cryptography is the search for hard instances of a given computational proble...
It is known that the development of quantum computers will break the cryptographic schemes that are...
Abstract. At CT-RSA 2014 Bai and Galbraith proposed a lattice-based signature scheme optimized for s...
Abstract—Nearly all of the currently used signature schemes, such as RSA or DSA, are based either on...
Building cryptographic schemes upon as many fundamentally different hard problems as possible, seems...
Digital signatures are indispensable for security on the Internet, because they guarantee authentici...
We study a scheme of Bai and Galbraith (CT-RSA’14), also known as TESLA. TESLA was thought to have a...
International audienceWe provide an alternative method for constructing lattice-based digital signat...
Digital signatures and encryption schemes constitute arguably an integral part of cryptographic sche...
Abstract. We provide an alternative method for constructing lattice-based digital signatures which d...
8th International Workshop on Post-Quantum Cryptography, PQCrypto 2017 -- 26 June 2017 through 28 Ju...
In data security, the main objectives one tries to achieve are confidentiality, data integrity and a...
Lattice-based cryptography is a prominent class of cryptographic systems that has been emerged as on...
International audienceAs the advent of general-purpose quantum computers appears to be drawing close...
Public-key cryptography is an indispensable component used in almost all of our present-day digital ...
One essential quest in cryptography is the search for hard instances of a given computational proble...
It is known that the development of quantum computers will break the cryptographic schemes that are...
Abstract. At CT-RSA 2014 Bai and Galbraith proposed a lattice-based signature scheme optimized for s...
Abstract—Nearly all of the currently used signature schemes, such as RSA or DSA, are based either on...