We extend and consolidate the security justification for the Dilithium signature scheme. In particular, we identify a subtle but crucial gap that appears in several ROM and QROM security proofs for signature schemes that are based on the Fiat-Shamir with aborts paradigm, including Dilithium. The gap lies in the CMA-to-NMA reduction and was uncovered when trying to formalize a variant of the QROM security proof by Kiltz, Lyubashevsky, and Schaffner (Eurocrypt 2018). The gap was confirmed by the authors, and there seems to be no simple patch for it. We provide new, fixed proofs for the affected CMA-to-NMA reduction, both for the ROM and the QROM, and we perform a concrete security analysis for the case of Dilithium to show that the claimed se...
The goal of cryptography is to construct secure and efficient protocols for various tasks. Unfortuna...
CRYSTALS-Dilithium has been selected by the NIST as the new standard for post-quantum digital signat...
The famous Fiat-Shamir transformation turns any public-coin three-round interactive proof, i.e., any...
We extend and consolidate the security justification for the Dilithium signature scheme. In particul...
We extend and consolidate the security justification for the Dilithium signature scheme. In particul...
The Fiat-Shamir transform is a technique for combining a hash function and an identification scheme ...
In the wake of recent progress on quantum computing hardware, the National Institute of Standards an...
Many evidences have showed that some intelligence agencies (often called big brother) attempt to mon...
We revisit recent works by Don, Fehr, Majenz and Schaffner and by Liu and Zhandry on the security of...
International audienceThis paper presents a new profiling side-channel attack on CRYSTALS-Dilithium,...
We provide two contributions to exact security analysis of digital signatures: We put forward a new ...
The random oracle model (ROM) enjoys widespread popularity, mostly because it tends to allow for tig...
www.cryptoplexity.de oezguer.dagdelen @ cased.de marc.fischlin @ gmail.com tommaso @ gagliardoni.net...
This paper presents a comprehensive analysis of the verification algorithm of the CRYSTALS-Dilithium...
The random oracle model (ROM) enjoys widespread popularity, mostly because it tends to allow for tig...
The goal of cryptography is to construct secure and efficient protocols for various tasks. Unfortuna...
CRYSTALS-Dilithium has been selected by the NIST as the new standard for post-quantum digital signat...
The famous Fiat-Shamir transformation turns any public-coin three-round interactive proof, i.e., any...
We extend and consolidate the security justification for the Dilithium signature scheme. In particul...
We extend and consolidate the security justification for the Dilithium signature scheme. In particul...
The Fiat-Shamir transform is a technique for combining a hash function and an identification scheme ...
In the wake of recent progress on quantum computing hardware, the National Institute of Standards an...
Many evidences have showed that some intelligence agencies (often called big brother) attempt to mon...
We revisit recent works by Don, Fehr, Majenz and Schaffner and by Liu and Zhandry on the security of...
International audienceThis paper presents a new profiling side-channel attack on CRYSTALS-Dilithium,...
We provide two contributions to exact security analysis of digital signatures: We put forward a new ...
The random oracle model (ROM) enjoys widespread popularity, mostly because it tends to allow for tig...
www.cryptoplexity.de oezguer.dagdelen @ cased.de marc.fischlin @ gmail.com tommaso @ gagliardoni.net...
This paper presents a comprehensive analysis of the verification algorithm of the CRYSTALS-Dilithium...
The random oracle model (ROM) enjoys widespread popularity, mostly because it tends to allow for tig...
The goal of cryptography is to construct secure and efficient protocols for various tasks. Unfortuna...
CRYSTALS-Dilithium has been selected by the NIST as the new standard for post-quantum digital signat...
The famous Fiat-Shamir transformation turns any public-coin three-round interactive proof, i.e., any...