Using Freivalds’ Algorithm to Accelerate Lattice-Based Signature Verifications

  • Arnaud Sipasseuth
  • Thomas Plantard
  • Willy Susilo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11879)


We present a novel computational technique to check, with relatively high probability, whether a matrix-vector product is correct. While the idea is related to verifiable delegated computation, most of the literature in that line of work focuses on provably secure functional aspects and does not provide clear computational techniques to verify whether a product \(xA = y\) is correct when x, A and y are neither given nor computed by the party that requires the validity check; this is typically the case for some lattice-based cryptographic signature schemes. This paper focuses on the computational aspects and on the improvement in both speed and memory when implementing such a verifier, and uses a practical example: the Diagonal Reduction Signature (DRS) scheme, one of the candidates in the recent National Institute of Standards and Technology (NIST) Post-Quantum Cryptography Standardization Call for Proposals. We show that in the case of DRS, we can gain a factor of 20 in verification speed.
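The check the abstract describes is Freivalds' random-projection test. The following Python sketch is an added example, not code from the paper or from the DRS submission: it assumes a verifier who holds a fixed matrix A (standing in for a public key), draws a secret random vector r once, and precomputes A·r so that every later claim x·A = y costs two dot products instead of a full vector-matrix product. All names, the modulus P and the sample matrices are constructed for this illustration; the paper's own precomputation and modular-arithmetic choices for DRS are not reproduced here.

```python
import random

# Constructed choice of prime modulus for the random projection (the Mersenne
# prime 2^61 - 1); a wrong product passes one check with probability exactly 1/P.
P = (1 << 61) - 1


def row_times_matrix(x, A):
    """Exact product x*A (x a row vector of length n, A an n-by-m list of rows), mod P."""
    m = len(A[0])
    return [sum(x[i] * A[i][j] for i in range(len(A))) % P for j in range(m)]


def matrix_times_col(A, r):
    """Product A*r (r a column vector of length m), mod P; costs O(n*m)."""
    return [sum(a * b for a, b in zip(row, r)) % P for row in A]


def dot(u, v):
    """Inner product mod P."""
    return sum(a * b for a, b in zip(u, v)) % P


class FreivaldsVerifier:
    """Probabilistic check of claims x*A = y for a fixed matrix A.

    Because A is fixed (assumption: it plays the role of a public key), the
    projection A*r for a secret random r is computed once; each later check is
    two dot products (lengths n and m) instead of the full O(n*m) product.
    Identity used: (x*A).r == x.(A*r), so a claimed y must satisfy y.r == x.(A*r).
    """

    def __init__(self, A, rng):
        self.r = [rng.randrange(P) for _ in range(len(A[0]))]  # must stay secret
        self.Ar = matrix_times_col(A, self.r)                   # one-off O(n*m) cost

    def check(self, x, y):
        return dot(x, self.Ar) == dot(y, self.r)


def demo(n=8, m=8, seed=1):
    """Constructed sample: random small-entry A and x, a correct y, and a tampered y."""
    rng = random.Random(seed)
    A = [[rng.randrange(-5, 6) for _ in range(m)] for _ in range(n)]
    x = [rng.randrange(-3, 4) for _ in range(n)]
    y_good = row_times_matrix(x, A)
    y_bad = list(y_good)
    idx = rng.randrange(m)
    y_bad[idx] = (y_bad[idx] + 1) % P          # nonzero error in one coordinate
    v = FreivaldsVerifier(A, rng)
    return {"correct_accepted": v.check(x, y_good),
            "tampered_accepted": v.check(x, y_bad)}


def false_accept_rate(trials=500, n=8, m=8, seed=2):
    """Fraction of tampered products accepted over independent verifier setups.

    Expected value is about trials/P, i.e. essentially zero for P = 2^61 - 1.
    """
    rng = random.Random(seed)
    accepted = 0
    for _ in range(trials):
        A = [[rng.randrange(-5, 6) for _ in range(m)] for _ in range(n)]
        x = [rng.randrange(-3, 4) for _ in range(n)]
        y = row_times_matrix(x, A)
        idx = rng.randrange(m)
        y[idx] = (y[idx] + rng.randrange(1, P)) % P   # any nonzero error mod P
        accepted += FreivaldsVerifier(A, rng).check(x, y)
    return accepted / trials


if __name__ == "__main__":
    print(demo())
    print("false-accept rate:", false_accept_rate())
```

A wrong y passes a single check with probability exactly 1/P whenever y − xA is nonzero modulo P, which is why the measured false-accept rate is zero. The trade-off a practitioner should keep in mind is that reusing the precomputed projection is only sound while r stays unknown to the party producing (x, y); if r leaks, the probabilistic guarantee is gone, so r is treated as verifier-private state here and would be rotated, or supplemented by several independent projections, in a deployment.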


Keywords

Diagonal Reduction Signature, Post-Quantum Cryptography, Lattice-based signatures, NIST, Delegated computation verification, Lattice-based cryptography



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Arnaud Sipasseuth (1)
  • Thomas Plantard (1)
  • Willy Susilo (1)
  1. Institute of Cybersecurity and Cryptology, School of Computing and Information Technology, University of Wollongong, Wollongong, Australia
