sharpetronics/liboqs
1
0
Fork 0
mirror of https://github.com/open-quantum-safe/liboqs.git synced 2025-12-04 00:03:41 -05:00
Code Issues Projects Releases Wiki Activity

Move datasheet

Browse Source
This commit is contained in:
Douglas Stebila 2018-10-03 11:28:19 -04:00
parent a7a45c9238
commit cd97391640
1 changed files with 100 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
docs/algorithms/sig_qtesla.md Normal file
View File

@ -0,0 +1,100 @@
Algorithm data sheet: `sig_qtesla`
==================================
Algorithm
---------
**Name:** qTesla
**Description:**
qTESLA is a family of post-quantum signature schemes based on the hardness of the decisional Ring Learning With Errors (R-LWE) problem. The scheme is an efficient variant of the Bai-Galbraith signature scheme, which in turn is based on the "Fiat-Shamir with Aborts" framework by Lyubashevsky, adapted to the setting of ideal lattices.
qTESLA utilizes two different approaches for parameter generation in order to target a wide range of application scenarios. The first approach, referred to as "heuristic qTESLA", follows a heuristic parameter generation. The second approach, referred to as "provably- secure qTESLA", follows a provably-secure parameter generation according to existing security reductions.
**Supporting research:**
- [qTesla] Sedat Akleylek, Erdem Alkim, Paulo S. L. M. Barreto, Nina Bindel, Johannes Buchmann, Edward Eaton, Gus Gutoski, Juliane Krämer, Patrick Longa, Harun Polat, Jefferson E. Ricardini, and Gustavo Zanon. qTesta NIST submission available at [https://qtesla.org/wp-content/uploads/2018/07/qTESLA_NIST_update_06.30.2018.zip].
Security
--------
**Security model:** existential unforgeability in the random oracle model (ROM), or quantum random oracle model (QROM).
**Underlying hard problem(s):** decisional Ring Learning With Errors (R-LWE).
Parameter set 1
---------------
`qTESLA_I` parameter set from [qTesla]
**Claimed classical security:**
- 104 bits
**Claimed quantum security:**
- 97 bits
**Data sizes:**
- Private key: 1216 bytes
- Public key: 1504 bytes
- Signature: 1376 bytes
Parameter set 2
---------------
`qTESLA_III_speed` parameter set from [qTesla]
**Claimed classical security:**
- 178 bits
**Claimed quantum security:**
- 164 bits
**Data sizes:**
- Private key: 2112 bytes
- Public key: 3104 bytes
- Signature: 2848 bytes
Parameter set 3
---------------
`qTESLA_III_size` parameter set from [qTesla]
**Claimed classical security:**
- 188 bits
**Claimed quantum security:**
- 169 bits
**Data sizes:**
- Private key: 2112 bytes
- Public key: 2976 bytes
- Signature: 2720 bytes
Implementation
--------------
**Source of implementation:** https://github.com/qtesla/qTesla
**License:** public domain
**Language:** C
**Constant-time:** Yes
**Testing:**
- Correctness: covered by test harness `test_sig`
- Statistics of signatures: covered by test harness `test_sig`
- Static analysis:
- `scan_build`