基于NTRU格上非球型离散高斯采样的优化  

作　　者：柴惠哲 唐春明[1] 贾惠文 CHA/Hui-zhe;TANG Chun-ming;JIA Hui-wen(School of Mathematics and Information Science,Guangzhou University,Guangzhou 510006,China)

机构地区：[1]广州大学数学与信息科学学院,广东广州510006

出　　处：《广州大学学报（自然科学版）》2024年第2期57-64,共8页Journal of Guangzhou University:Natural Science Edition

基　　金：国家重点研发计划资助项目(2021YFB3100200);国家自然科学基金资助项目(12171114)。

摘　　要：随着量子计算机的飞速发展,后量子密码成为研究热点。格密码因性能均衡、安全基础牢靠,以及功能丰富等特点成为后量子密码中的主流。原像采样是格密码中的核心算法,被广泛应用于诸多高级密码方案的构造,格上Hash-and-Sign数字签名是最简单、最直接的应用。从技术上原像采样算法分为GPV型和Peikert型,前者的特点是输出质量高,但算法通常只能串行执行;后者支持并行运算,但输出质量较差。文章将非球面高斯技术应用于NTRU格上的Peikert型采样算法,旨在提升其效率。具体选取了两种参数模式,和原始NTRU格上的Peikert型采样算法相比,模式1可以提高基于该采样算法数字签名的安全强度并降低签名尺寸;模式2在不降低安全性的前提下,可以进一步降低签名尺寸。实验结果表明,在模式1中,安全性提升约18%~20%,签名尺寸降低约15%;模式2保持安全性不变,但是签名尺寸降低约30%~35%。With the rapid development of quantum computers,post-quantum cryptography has become a research hotspot.Lattice cryptography has become the mainstream in post-quantum cryptography due to its balanced performance,solid security foundation,and rich functions.Pre-image sampling is the core algorithm in latice cryptography and is widely used in the construction of many advanced cryptography schemes.Hash-and-Sign digital signature on lattice is its simplest and most direct application.Technically,pre-image sampling algorithms are divided into GPV and Peikert.The former is characterized by high output quality,but the algorithm can usually only be executed serially;the latter supports parallel operations,but the output quality is poor.This article applies non-spherical Gaussian technology to the Peikert sampling algorithm on the NTRU lattice,aiming to improve its efficiency.Specifically,two parameter modes were selected.Compared with the Peikert sampling algorithm on the original NTRU lattice,mode 1 can improve the security strength of digital signatures based on this sampling algorithm and reduce the size of the signature;mode 2 does not reduce security.Under the premise,the signature size can be further reduced.Experimental results show that in mode 1,the security is improved by about 18%~20%and the signature size is reduced by about 15%;in mode 2,the security remains unchanged,but the signature size is reduced by about 30%~35%.

关 键 词：格密码 NTRU格 非球面高斯采样 

分 类 号：TN918.4[电子电信—通信与信息系统]