One Bit to Rule Them All - Imperfect Randomness Harms Lattice Signatures

Published: 01 Jan 2025, Last Modified: 14 Nov 2025
Venue: PKC (1) 2025
License: CC BY-SA 4.0
Abstract: The Fiat-Shamir transform is one of the most widely applied methods for secure signature construction. Fiat-Shamir starts with an interactive zero-knowledge identification protocol and transforms it, via a hash function, into a non-interactive signature. The protocol’s zero-knowledge property ensures that a signature does not leak information about its secret key \(\textbf{s}\), which is achieved by blinding \(\textbf{s}\) with proper randomness \(\textbf{y}\). The most prominent Fiat-Shamir examples are DSA signatures and the new post-quantum standard Dilithium.
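As an added illustration that is not part of the paper, the following Python toy shows the Fiat-Shamir structure the abstract describes in its simplest DSA-style instance (a Schnorr signature over a small constructed group; the parameters P, Q, G and the helper names are assumptions of this example, and the lattice setting of Dilithium is considerably more involved). The response z = y + c·s is uniformly distributed when y is, so it reveals nothing about s; the last function shows why that property depends entirely on y, since two signatures sharing the same y let anyone holding them solve for s.

```python
import hashlib
import secrets

# Constructed toy parameters (far too small for real use): P = 2*Q + 1 with
# P and Q prime, and G = 4 generating the subgroup of prime order Q.
P = 1019
Q = 509
G = 4

def hash_challenge(commitment: int, message: bytes) -> int:
    """Fiat-Shamir step: the challenge c = H(commitment || message) mod Q
    replaces the verifier's random challenge of the interactive protocol."""
    h = hashlib.sha256(commitment.to_bytes(2, "big") + message).digest()
    return int.from_bytes(h, "big") % Q

def keygen():
    s = secrets.randbelow(Q - 1) + 1      # secret key s
    return s, pow(G, s, P)                # public key g^s

def sign(s: int, message: bytes, y: int):
    """Commit to g^y, derive c by hashing, answer z = y + c*s (mod Q).
    y is passed in explicitly so the reuse failure can be demonstrated;
    sign_fresh below is how a signer should call it."""
    commitment = pow(G, y, P)
    c = hash_challenge(commitment, message)
    z = (y + c * s) % Q
    return c, z

def sign_fresh(s: int, message: bytes):
    return sign(s, message, secrets.randbelow(Q))   # fresh uniform y

def verify(pk: int, message: bytes, sig) -> bool:
    c, z = sig
    # Recover the commitment as g^z * (g^s)^(-c) = g^y and re-derive c.
    commitment = pow(G, z, P) * pow(pk, -c, P) % P
    return hash_challenge(commitment, message) == c

def recover_secret_from_reused_y(sig1, sig2) -> int:
    """Two signatures made with the same y satisfy z1 - z2 = (c1 - c2)*s
    mod Q, so s falls out of the public signatures alone. Proper
    randomness y is exactly what prevents this."""
    (c1, z1), (c2, z2) = sig1, sig2
    if c1 == c2:
        raise ValueError("challenges coincide; pick different messages")
    return (z1 - z2) * pow(c1 - c2, -1, Q) % Q

if __name__ == "__main__":
    s, pk = keygen()
    print("fresh signature verifies:", verify(pk, b"hello", sign_fresh(s, b"hello")))
```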