CRYSTALS-Dilithium Quantum Security Evaluation

SelfTargetMSIS hardness proof for Dilithium security.

The National Institute of Standards and Technology (NIST) is standardizing cryptographic protocols resistant to quantum attacks. CRYSTALS-Dilithium is the primary digital signature scheme chosen. The security of Dilithium is based on three computational problems: Module Learning with Errors (MLWE), Module Short Integer Solution (MSIS), and SelfTargetMSIS. A new security proof for Dilithium under specific parameter settings is provided. The security analysis is based on existential unforgeability against chosen message attacks. The Quantum Random Oracle Model (QROM) is utilized for hash functions. Dilithium is based on arithmetic over the ring Rq := Zq[X]/(Xn + 1). The Dilithium signature scheme is described, and known security results are discussed. The main focus is on the security proof for SelfTargetMSIS, reducing it to MLWE.

q = 1 mod 2n Public key size and signature size are about 2.9× and 1.3× larger, respectively q = 1 mod 2n crucial for efficient implementation

"Our proof uses recently developed techniques in quantum reprogramming and rewinding."