HAETAE: Post-Quantum Digital Signature

HAETAE is a module lattice-based signature scheme for shorter and easily maskable signatures. While based on the Fiat-Shamir with Aborts paradigm, like the NIST-selected Dilithium signature scheme, our design choices target an improved complexity/compactness compromise that is highly relevant for many space-limited scenarios such as DNSSEC. We primarily focus on reducing signature and verification key sizes so that signatures fit into one TCP or UDP datagram while preserving a high level of security against various attacks.

Design rationale

Fiat-Shamir with Aborts

HAETAE follows the "Fiat-Shamir with Aborts" paradigm, like Dilithium or BLISS, which guarantees quantum security (in the QROM).

Module structure

HAETAE relies on module lattices to offer more flexibility and smaller sizes without sacrificing implementation efficiency. The size-speed trade-offs make it easy to vary the security and update the parameter sets.

Bimodal distribution

To reduce the sizes, we use a bimodal distribution for the rejection sampling, like in the BLISS signature scheme, instead of a "unimodal" distribution like Dilithium.

Hyperball uniform sampling

We use uniform distributions over hyperballs, recently introduced in [DFPS22], instead of the SCA-vulnerable discrete Gaussian distributions used in BLISS.

Compact compression & encoding

We further reduce the key and the signature sizes by truncating the verification key and compressing and encoding the signature.

On/off-line acceleration

HAETAE can be accelerated significantly by precomputing the hyperball samples.

Resources

Specifications and Implementations

2024.07.04. v3.0 [spec] [code]
2024.02.23. v2.1 [spec] [code]
2023.11.29. v2.0 [spec] [code] (including AVX2 optimized implementations)

2023.05.02. v1.0 [spec] [code]
2022.11.22. v0.9 [spec] [code] (from KpqC round 1 submission package)

Papers

HAETAE: Shorter Lattice-Based Fiat-Shamir Signatures

Jung Hee Cheon, Hyeongmin Choe, Julien Devevey, Tim Güneysu, Dongyeon Hong, Markus Krausz, Georg Land, Marc Möller, Damien Stehlé, MinJune Yi, In IACR TCHES 2024(3), 25-75. [doi] [eprint]

Team HAETAE

The HAETAE team consists of the following members.

Jung Hee Cheon (Seoul National University (SNU) & CryptoLab Inc.)
Hyeongmin Choe (SNU)
Julien Devevey (ANSSI)
Tim Güneysu (Ruhr University Bochum & DFKI)
Dongyeon Hong (Samsung Electronics)
Markus Krausz (TÜV Informationstechnik GmbH)

Georg Land (Ruhr University Bochum)
Marc Möller (Ruhr University Bochum) *
Junbum Shin (CryptoLab Inc.)
Damien Stehlé (CryptoLab Inc.)
MineJune Yi (SNU)

*From KpqC round 2, Marc Möller joined Team HAETAE.