Modular lattice signatures, revisited
In this paper we revisit the modular lattice signature scheme and its efficient instantiation known as pqNTRUSign. First, we show that a modular lattice signature scheme can be based on a standard lattice problem. The fundamental problem that needs to be solved by the signer or a potential forger is recovering a lattice vector with a restricted norm, given the least significant bits. We show that this problem is equivalent to the short integer solution (SIS) problem over the corresponding lattice. In addition, we show that by replacing the uniform sampling in pqNTRUSign with a bimodal Gaussian sampling, we can further reduce the size of a signature. An important new contribution, enabled by this Gaussian sampling version of pqNTRUSign, is that we can now perform batch verification of messages signed by the same public key, which allows the verifier to check approximately 24 signatures in a single verification process.