CR | Oct 16, 2018

Wave: A New Family of Trapdoor One-Way Preimage Sampleable Functions Based on Codes

arXiv:1810.07554v2 | 17 citations
Originality: Incremental advance
AI Analysis

This work provides a code-based cryptographic scheme for secure digital signatures, addressing the need for post-quantum alternatives, though it appears incremental as it builds on existing GPV strategies and assumptions.

The authors tackled the problem of designing a new family of trapdoor one-way preimage sampleable functions based on codes, resulting in a 'hash-and-sign' signature scheme with 128-bit classical security, featuring signature sizes around 15,000 bits, public key sizes around 4 MB, and a rejection rate of about one per 10-12 signatures.

We present here a new family of trapdoor one-way Preimage Sampleable Functions (PSF) based on codes, the Wave-PSF family. The trapdoor function is one-way under two computational assumptions: the hardness of generic decoding for high weights and the indistinguishability of generalized $(U,U+V)$-codes. Our proof follows the GPV strategy [GPV08]. By including rejection sampling, we ensure the proper distribution for the trapdoor inverse output. The domain sampling property of our family is ensured by using and proving a variant of the left-over hash lemma. We instantiate the new Wave-PSF family with ternary generalized $(U,U+V)$-codes to design a "hash-and-sign" signature scheme which achieves existential unforgeability under adaptive chosen message attacks (EUF-CMA) in the random oracle model. For 128 bits of classical security, signature sizes are in the order of 15 thousand bits, the public key size in the order of 4 megabytes, and the rejection rate is limited to one rejection every 10 to 12 signatures.
