Compact Lattice Gadget and Its Applications to Hash-and-Sign Signatures

Lattice gadgets and the associated algorithms are essential building blocks of lattice-based cryptography. In past decade, they have been applied to build versatile powerful cryptosystems. However, practical optimizations designs gadget-based schemes generally lag their theoretical constructions. For example, signatures elegant design capability extending more advanced primitives, but far less efficient than other signatures. This work aims improve practicality cryptosystems, with a focus on hash-and-sign To this end, we develop compact gadget framework in which used is square matrix instead short fat one previous gadget, devise specialized sampler, called semi-random compute approximate preimage. It first deterministically computes error then randomly samples We show that for uniformly random targets, preimage distributions simulatable without knowing trapdoor. ensures security signature applications. Compared Gaussian-distributed errors algorithms, deterministic smaller size, lead substantial gain enables practically working instantiation. As applications, present two based NTRU Ring-LWE respectively. The NTRU-based scheme offers comparable efficiency Falcon Mitaka simple implementation need generating LWE-based also achieves desirable overall performance. not only greatly outperforms state-of-the-art signatures, has an even size Fiat-Shamir Dilithium. These results fill long-term gap