О применении постквантовых ЭЦП в национальных блокчейн-экосистемах и платформах на основе теории решеток

Криптопримитивы электронной цифровой подписи (ЭЦП) являются достаточно важными компонентами в любой подсистеме защиты информации национальных блокчейн-экосистем и платформ. Большинство известных схем ЭЦП основано на предположении о вычислительной сложности задач факторизации больших чисел (например, RSA) или дискретного логарифмирования (таких как DSA и ECDSA). Однако полученные научно-технические результаты в области постквантовой криптологии и квантовых вычислений ставят под сомнение достаточность известных криптопримитивов ЭЦП. По этой причине растет актуальность новых, постквантовых схем ЭЦП на основе таких разделов математики, которые способны обеспечить квантовую устойчивость упомянутых систем к атакам злоумышленников с применением квантового компьютера. В настоящей статье представлены результаты критического анализа известных схем ЭЦП на основе теории решеток. При этом акцент сделан на практических аспектах применения этих криптопримитивов (эффективность, квантовая устойчивость, размер ключа и пр.).

1. Peter W. Shor. 1997. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM J. Comput. 26, 5 (Oct. 1997), 1484–1509.

2. Nils Gura, Arun Patel, Arvinderpal Wander, Hans Eberle, and Sheueling Chang Shantz. 2004. Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs. In CHES. 119– 132.

3. Tobias Oder, Thomas Poppelmann, and Tim Guneysu. 2014. Beyond ECDSA and RSA: Lattice-based Digital Signatures on Constrained Devices. In DAC. 1–6.

4. Vadim Lyubashevsky and Daniele Micciancio. 2009. On Bounded Distance Decoding, Unique Shortest Vectors, and the Minimum Distance Problem. In CRYPTO. 577–594.

5. Daniele Micciancio. 2008. Efficient Reductions Among Lattice Problems. In SODA. 84–93.

6. Vadim Lyubashevsky, Chris Peikert, and Oded Regev. 2013b. A Toolkit for Ring-LWE Cryptography. In EUROCRYPT. 35–54.

7. Donald Donglong Chen, Nele Mentens, Frederik Vercauteren, Sujoy Sinha Roy, Ray C.C. Cheung, Derek Pao, and Ingrid Verbauwhede. 2014. High-speed Polynomial Multiplication Architecture for Ring-LWE and SHE Cryptosystems. IACR Cryptology ePrint Archive 2014 (2014), 646.

8. Ruan de Clercq, Sujoy Sinha Roy, Frederik Vercauteren, and Ingrid Verbauwhede. 2014. Efficient Software Implementation of Ring-LWE Encryption. IACR Cryptology ePrint Archive 2014 (2014), 725.

9. Richard Lindner and Chris Peikert. 2011. Better Key Sizes (and Attacks) for LWEBased Encryption. In CT-RSA. 319–339.

10. James Howeand, Thomas Poppelmann, Maire O’Neill, Elizabeth O’Sullivan and Tim Guneysu. 2014. Practical Lattice-based Digital Signature Schemes. ACM Trans. Embedd. Comput. Syst. V, N, Article A (January YYYY), 25 p. DOI:http://dx.doi.org/10.1145/0000000.0000000.

11. Daniele Micciancio and Petros Mol. 2011. Pseudorandom Knapsacks and the Sample Complexity of LWE Search-to-Decision Reductions. In CRYPTO. 465–484.

12. Daniele Micciancio and Chris Peikert. 2013. Hardness of SIS and LWE with Small Parameters. In CRYPTO (1). 21–39.

13. Zvika Brakerski, Adeline Langlois, Chris Peikert, Oded Regev, and Damien Stehle. 2013. Classical Hardness of Learning with Errors. In STOC. 575–584.

14. Oded Regev. 2005. On Lattices, Learning with Errors, Random Linear Codes, and Cryptography. In STOC. 84–93.

15. Oded Regev. 2009. On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56, 6 (2009). 1

16. Aikata Aikata, Ahmet Can Mert, Malik Imran, Samuel Pagliarini, and Sujoy Sinha Roy. 2023. KaLi: A Crystal for Post-Quantum Security Using Kyber and Dilithium. IEEE Transactions on Circuits and Systems I: Regular Papers 70, 2 (2023), 747–758.

17. Erdem Alkim, Hülya Evkan, Norman Lahr, Ruben Niederhagen, and Richard Petri. 2020. ISA Extensions for Finite Field Arithmetic: Accelerating Kyber and NewHope on RISC-V. IACR Transactions on Cryptographic Hardware and Embedded Systems 2020, 3 (Jun. 2020), 219–242.

18. Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehlé. 2021. Crystals-Kyber Algorithm Specifications and Supporting Documentation (version 3.01). Retrieved September 2023 from https://pq-crystals.org/kyber/data/kyber-specificationround3-20210131.pdf

19. Shi Bai, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, Peter Schwabe, Gregor Seiler, and Damien Stehlé. 2021. Crystals-Dilithium Algorithm Specifications and Supporting Documentation (version 3.1). Retrieved September 2023 from https://pq-crystals.org/dilithium/data/dilithium-specification-round3-20210208.pdf

20. Zhao C. et al. A Compact and high-performance hardware architecture for CRYSTALS-Dilithium. IACR Trans. Cryptograph. Hardware Embed. Syst. 2022, 270–295 (2022). ISSN 2569–2925. https://doi.org/10.46586/tches.v2022.i1.270-295. https://tches.iacr.org/index.php/TCHES/article/view/9297

21. Bai S. et al. CRYSTALS-Dilithium. https://pq-crystals.org/dilithium/resources.shtml

22. Miklos Ajtai, Ravi Kumar, and D. Sivakumar. 2001. A Sieve Algorithm for the Shortest Lattice Vector Problem. In STOC. 601–610.

23. Irit Dinur, Guy Kindler, Ran Raz, and Shmuel Safra. 2003. Approximating CVP to Within Almost Polynomial Factors is NP-Hard. Combinatorica 23, 2 (April 2003), 205–243.

24. Dan Boneh, Amit Sahai, and Brent Waters. 2011. Functional Encryption: Definitions and Challenges. In TCC. Vol. 6597.

25. Samuel Dov Gordon, Jonathan Katz, and Vinod Vaikuntanathan. 2010. A Group Signature Scheme from Lattice Assumptions. In ASIACRYPT. 395–412.

26. Jan Camenisch, Gregory Neven, and Markus Ruckert. 2012. Fully Anonymous Attribute Tokens from Lattices. In SCN. 57–75.

27. Fabien Laguillaumie, Adeline Langlois, Benoıt Libert, and Damien Stehle. 2013. Lattice-Based Group Signatures with Logarithmic Signature Size. In ASIACRYPT (2). 41–61.

28. Xavier Boyen. 2013. Attribute-Based Functional Encryption on Lattices. In TCC. 122–142.

29. Leo Ducas and Daniele Micciancio. 2014. Improved Short Lattice Signatures in the Standard Model. In CRYPTO. 335–352.

30. Craig Gentry. 2009. A Fully Homomorphic Encryption Scheme. Ph.D. Dissertation. Stanford University.

31. Craig Gentry. 2009. Fully homomorphic encryption using ideal lattices. In STOC. 169–178.

32. Thomas Poppelmann and Tim Guneysu. 2013. Towards Practical Lattice-Based Public-Key Encryption on Reconfigurable Hardware. In Selected Areas in Cryptography. 68–85.

33. Norman Gottert, Thomas Feller, Michael Schneider, Johannes Buchmann, and Sorin A. Huss. 2012. On the Design of Hardware Building Blocks for Modern Lattice-Based Encryption Schemes. In CHES. 512–529.

34. Sujoy Sinha Roy, Oscar Reparaz, Frederik Vercauteren, and Ingrid Verbauwhede. 2014. Compact and Side Channel Secure Discrete Gaussian Sampling. IACR Cryptology ePrint Archive 2014 (2014), 591.

35. Tim Guneysu, Vadim Lyubashevsky, and Thomas Poppelmann. 2012. Practical Lattice-Based Cryptography: A Signature Scheme for Embedded Systems. In CHES. 530–547.

36. Thomas Poppelmann, Leo Ducas, and Tim Guneysu. 2014. Enhanced Lattice-Based Signatures on Reconfigurable Hardware. In CHES. 353–370. Full version: https://eprint.iacr.org/2014/254.pdf.

37. Thomas Poppelmann and Tim Guneysu. 2014. Area Optimization of Lightweight Lattice-Based Encryption on Reconfigurable Hardware. In ISCAS. 2796–2799.

38. Miklos Ajtai. 1996. Generating Hard Instances of Lattice Problems (Extended Abstract). In STOC. 99–108.

39. Adeline Langlois and Damien Stehle. 2014. Worst-case to average-case reductions for module lattices. Designs, Codes and Cryptography (2014).

40. Vadim Lyubashevsky, Chris Peikert, and Oded Regev. 2010. On Ideal Lattices and Learning with Errors over Rings. In EUROCRYPT. 1–23.

41. Victor S Miller. 1986. Use of Elliptic Curves in Cryptography. In CRYPTO. 417–426.

42. Neal Koblitz. 1987. Elliptic Curve Cryptosystems. Math. Comp. (1987).

43. Молдовян Н.А., Петренко А.С. Типовые уравнения верификации в алгебраических схемах ЭЦП с двумя скрытыми группами // Вопросы кибербезопасности. 2024. № 6 (64). С. 98–107.

44. Duc-Thuan Dam, Trong-Hung Nguyen, Thai-Ha Tran, Binh Kieu-Do-Nguyen, TrongThuc Hoang, Cong-Kha Pham. 2024. An Efficient Method for Accelerating Kyber and Dilithium Post-Quantum Cryptography, 2024 21st Annual International Conference on Privacy, Security and Trust (PST), pp. 1–5, 2024.

45. Youngbeom Kim, Seungyong Yoon, Seog Chung Seo. 2024. Vectorized Implementation of Kyber and Dilithium on 32-bit Cortex-A Series. IEEE Access, vol. 12, pp. 104414- 104428, 2024.

46. Xinyi Ji, Jiankuo Dong, Tonggui Deng, Pinchang Zhang, Jiafeng Hua, Fu Xiao. 2024. HI-Kyber: A Novel High-Performance Implementation Scheme of Kyber Based on GPU. IEEE Transactions on Parallel and Distributed Systems, vol. 35, no. 6, pp. 877– 891, 2024.

47. D.C. Lawo, R. Frantz, A. Cano Aguilera, X. Arnal I Clemente, M.P. Podleś, José L. Imaña, I. Tafur Monroy, J.J. Vegas Olmos. 2024. Falcon/Kyber and Dilithium/Kyber Network Stack on Nvidia’s Data Processing Unit Platform. IEEE Access, vol. 12, pp. 38048–38056, 2024.

48. Naehrig M., Alkim E., Bos J., Ducas L., Easterbrook K., LaMacchia B., Longa P., Mironov I., Nikolaenko V., Peikert C., Raghunathan A., Stebila D.: Frodokem. 2017. Tech. rep., National Institute of Standards and Technology. URL: https://csrc.nist.gov/projects/post-quantum-cryptography.

49. Krawczyk H. 2005. HMQV: A High-Performance Secure Diffie-Hellman Protocol. In: Shoup, V. (eds) Advances in Cryptology – CRYPTO 2005. CRYPTO 2005. Lecture Notes in Computer Science, vol 3621. Springer, Berlin, Heidelberg. https://doi. org/10.1007/11535218_33

50. Cloudflare, Inc. (n.d.). About Cloudflare. Retrieved from https://www.cloudflare.com

51. Zatlyn M. 2020. Cloudflare’s Role in Protecting the Open Internet. Cloudflare Blog. Retrieved from https://blog.cloudflare.com/cloudflaresrole-in-the-internet/

52. Ehren Kret and Rolfe Schmidt. 2024. The pqxdh key agreement protocol, 2024. URL: https://signal.org/docs/specifications/pqxdh/pqxdh.pdf

53. Langley A., Hamburg M., and Turner S. 2016. Elliptic Curves for Security. Internet Engineering Task Force; RFC 7748 (Informational); IETF, Jan2016. http://www.ietf.org/rfc/rfc7748.txt

54. Bernstein D.J., Duif N., Lange T., Schwabe P., and Yang B.-Y. 2012. High-speed high-security signatures, Journal of Cryptographic Engineering, vol. 2, no. 2, 2012. https://ed25519.cr.yp.to/ed25519-20110705.pdf

55. Bernstein D.J., Josefsson S., Lange T., Schwabe P., and Yang B.-Y. 2015. EdDSA for more curves. Cryptology ePrint Archive, Report 2015/677, 2015. http: //eprint.iacr. org/2015/677

56. Bernstein D.J. 2006. Curve25519: New Diffie-Hellman Speed Records, in Public Key Cryptography – PKC 2006: 9th International Conference on Theory and Practice in Public-Key Cryptography, New York, NY, USA, April 24–26, 2006. Proceedings, Berlin, Heidelberg: Springer Berlin Heidelberg, 2006. https://cr. yp.to/ecdh/curve25519- 20060209.pdf

57. Langley A., Hamburg M. and Turner S. 2016. Elliptic Curves for Security. Internet Engineering Task Force; RFC 7748 (Informational); IETF, Jan-2016. http://www.ietf.org/rfc/rfc7748.txt

58. Douglas Stebila. 2024. Security analysis of the iMessage PQ3 protocol, Fev-2024. https://eprint.iacr.org/2024/357.pdf

59. Celi S., Wiggers T. 2021 KEMTLS: post-quantum TLS without signatures. Posting on the Cloudflare Blog (2021). https://blog.cloudflare.com/kemtls-post-quantum-tlswithout-signatures/

60. Schuster I., Krueger T., Gehl C., Rieck K., & Laskov P. (2010). Fips: First intrusion prevention system. Technical Report 1, Fraunhofer FIRST, 2010. URL: http://publica.fraunhofer.de/documents/N-148519.html

61. Mossad M. 2024. Side-Channel Analysis Platform for A Hardware Implementation of FIPS 203 (CRYSTALS-Kyber): дис. – University of South Florida, 2024.

62. Alagic G., Bros M., Ciadoux P., Cooper D., Dang Q., Dang T., ... & Waller N. (2024). Status Report on the First Round of the Additional Digital Signature Schemes for the NIST Post-Quantum Cryptography Standardization Process. NIST IR, 8528.

63. Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest. 1988. A Digital Signature Scheme Secure Against Adaptive Chosen-message Attacks. SIAM J. Comput. 17, 2 (apr 1988), 281–308.

64. Bettina Helfrich. 1985. Algorithms to Construct Minkowski Reduced and Hermite Reduced Lattice Bases. Theor. Comput. Sci. 41, 2-3 (Dec. 1985), 125–139.

65. Daniele Micciancio. 2008. Efficient Reductions Among Lattice Problems. In SODA. 84–93.

66. Daniele Micciancio and Chris Peikert. 2012. Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller. In EUROCRYPT. 700–718.

67. Daniele Micciancio and Oded Regev. 2004. Worst-Case to Average-Case Reductions Based on Gaussian Measures. In FOCS. 372–381.

68. Daniele Micciancio and Oded Regev. 2007. Worst-Case to Average-Case Reductions Based on Gaussian Measures. SIAM J. Comput. 37, 1 (2007), 267–302.

69. Vadim Lyubashevsky. 2012. Lattice Signatures without Trapdoors. In EUROCRYPT. 738–755.

70. Nagarjun C. Dwarakanath and Steven D. Galbraith. 2014. Sampling from discrete Gaussians for latticebased cryptography on a constrained device. Appl. Algebra Eng. Commun. Comput. (2014), 159–180.

71. Chris Peikert. 2008. Public-Key Cryptosystems from the Worst-Case Shortest Vector Problem. Electronic Colloquium on Computational Complexity (ECCC) 15, 100 (2008).

72. Daniele Micciancio. 2007. Generalized Compact Knapsacks, Cyclic Lattices, and Efficient One-Way Functions. Comput. Complex. 16, 4 (Dec. 2007), 365–411.

73. Oded Goldreich, Shafi Goldwasser, and Shai Halevi. 1996. Public-Key Cryptosystems from Lattice Reduction Problems. Electronic Colloquium on Computational Complexity (ECCC) 3, 56 (1996).

74. Jeffrey Hoffstein, Jill Pipher, and Joseph H. Silverman. 1998. NTRU: A Ring-Based Public Key Cryptosystem. In ANTS. 267–288.

75. Jeffrey Hoffstein, Nick Howgrave-Graham, Jill Pipher, Joseph H. Silverman, and William Whyte. 2003. NTRUSign: Digital Signatures Using the NTRU Lattice. In CT-RSA. 122–140.

76. Jeffrey Hoffstein, Jill Pipher, and Joseph H. Silverman. 2001. NSS: An NTRU Lattice-Based Signature Scheme. In EUROCRYPT. 211–228.

77. Craig Gentry, Jakob Jonsson, Jacques Stern, and Michael Szydlo. 2001. Cryptanalysis of the NTRU Signature Scheme (NSS). In ASIACRYPT. 1–20.

78. Craig Gentry and Michael Szydlo. 2002. Cryptanalysis of the Revised NTRU Signature Scheme. In EUROCRYPT. 299–320.

79. Phong Q. Nguyen and Oded Regev. 2009. Learning a Parallelepiped: Cryptanalysis of GGH and NTRU Signatures. J. Cryptology, 22, 2 (2009), 139–160.

80. Leo Ducas and Phong Q. Nguyen. 2012b. Learning a Zonotope and More: Cryptanalysis of NTRUSign Countermeasures. In ASIACRYPT. 433–450.

81. Johannes Buchmann, Richard Lindner, Markus Ruckert, and Michael Schneider. 2009. Post-Quantum Cryptography: Lattice Signatures. Computing, 85, 1-2 (2009), 105–125.

82. Carlos Aguilar Melchor, Xavier Boyen, Jean-Christophe Deneuville, and Philippe Gaborit. 2014. Sealing the Leak on Classical NTRU Signatures. In PQCrypto 2014. 1–21.

83. Xavier Boyen. 2010. Lattice Mixing and Vanishing Trapdoors: A Framework for Fully Secure Short Signatures and More. In PKC. 499–517.

84. Leo Ducas. 2014. Accelerating Bliss: the geometry of ternary polynomials. IACR Cryptology ePrint Archive 2014 (2014), 874.

85. Whitfield Diffie and Martin E. Hellman. 1976. New directions in cryptography. IEEE Transactions on Information Theory, 22, 6 (1976), 644–654.

86. Mihir Bellare and Phillip Rogaway. 1993. Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In ACM CCS. 62–73.

87. Craig Gentry, Chris Peikert, and Vinod Vaikuntanathan. 2008. Trapdoors For Hard Lattices And New Cryptographic Constructions. In STOC. 197–206.

88. Joel Alwen and Chris Peikert. 2011. Generating Shorter Bases for Hard Random Lattices. Theory Comput. Syst. 48, 3 (2011), 535–553.

89. Amos Fiat and Adi Shamir. 1986. How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In CRYPTO. 186–194.

90. Michel Abdalla, Jee Hea An, Mihir Bellare, and Chanathip Namprempre. 2002. From Identification to Signatures via the Fiat-Shamir Transform: Minimizing Assumptions for Security and Forward-Security. In EUROCRYPT. 418–433.

91. Claus-Peter Schnorr. 1989. Efficient Identification and Signatures for Smart Cards. In CRYPTO. 239–252.

92. Steven D. Galbraith. 2012. Mathematics of Public-Key Cryptography. Cambridge: Cambridge University Press. xiv. 452–459 p.

93. Vadim Lyubashevsky. 2009. Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures. In ASIACRYPT. 598–616.

94. Michel Abdalla, Pierre-Alain Fouque, Vadim Lyubashevsky, and Mehdi Tibouchi. 2012. Tightly-Secure Signatures from Lossy Identification Schemes. In EUROCRYPT. 572–590.

95. Shi Bai and Steven D. Galbraith. 2014. An Improved Compression Technique for Signatures Based on Learning with Errors. In CT-RSA. 28–47.

96. Leo Ducas, Alain Durmus, Tancréde Lepoint, and Vadim Lyubashevsky. 2013. Lattice Signatures and Bimodal Gaussians. In CRYPTO (1). 40–56.

97. Rachid El Bansarkhani and Johannes Buchmann. 2013. Improvement and Efficient Implementation of a Lattice-Based Signature Scheme. In Selected Areas in Cryptography. 48–67.

98. Chris Peikert. 2010. An Efficient and Parallel Gaussian Sampler for Lattices. In RYPTO. 80–97.

99. Tim Guneysu, Tobias Oder, Thomas Poppelmann, and Peter Schwabe. 2013. Software Speed Records for Lattice-Based Signatures. In PQCrypto. 67–82.

100. Ahmad Boorghany and Rasool Jalili. 2014. Implementation and Comparison of Lattice-based Identification Protocols on Smart Cards and Microcontrollers. IACR Cryptology ePrint Archive 2014 (2014), 78.

101. Vadim Lyubashevsky, Chris Peikert, and Oded Regev. 2013a. On Ideal Lattices and Learning with Errors over Rings. J. ACM, 60, 6 (2013), 43.

102. Thomas Prest, Pierre-Alain Fouque, Jeffrey Hoffstein, Paul Kirchner. Falcon: Fast-Fourier Lattice-based Compact Signatures over NTRU https://falcon-sign.info/falcon.pdf

103. Craig Gentry, Chris Peikert, Vinod Vaikuntanathan. (2008). Trapdoors for Hard Lattices and New Cryptographic Constructions. https://ia.cr/2007/432

104. Dan Boneh, Özgür Dagdelen, Marc Fischlin, Anja Lehmann, Christian Schaffner, Mark Zhandry. (2011). Random Oracles in a Quantum World. Asiacrypt.

105. Jean-Sébastien Coron and Jesper Buus Nielsen, editors. EUROCRYPT 2017, Part I, volume 10210 of LNCS. Springer, Heidelberg, April / May 2017.

106. Молдовян Д.Н., Молдовян А.А., Молдовян Н.А. Новая концепция разработки постквантовых алгоритмов цифровой подписи на некоммутативных алгебрах // Вопросы кибербезопасности. 2022. № 1 (47). С. 18–25. DOI: 10.21681/2311-3456-2022-1-18-25.

107. Patrick Weiden, Andreas Hulsing, Daniel Cabarcas, and Johannes Buchmann. 2013. Instantiating Treeless Signature Schemes. IACR Cryptology ePrint Archive 2013 (2013), 65.

108. Ahmad Boorghany and Rasool Jalili. 2014. Implementation and Comparison of Lattice-based Identification Protocols on Smart Cards and Microcontrollers. IACR Cryptology ePrint Archive 2014 (2014), 78.

109. Ahmad Boorghany, Siavash Bayat Sarmadi, and Rasool Jalili. 2014. On Constrained Implementation of Lattice-based Cryptographic Primitives and Schemes on Smart Cards. IACR Cryptology ePrint Archive 2014 (2014), 514.

110. Status Report on the Fourth Round of the NIST Post-Quantum Cryptography Standardization Process .https://csrc.nist.gov/pubs/ir/8545/final

111. Stanislaw Jarecki, Hugo Krawczyk, and Jason Resch. Updatable Oblivious Key Management for Storage Systems// https://ia.cr/2019/1275

112. Nir Bitansky, Zvika Brakerski, and Yael Tauman Kalai. Constructive Post-Quantum Reductions// https://ia.cr/2022/298