Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Evaluating the QROM Hardness of Cryptographic Assumptions in CRYSTALS-Dilithium

May 17, 2023


Kelsey Jackson - University of Maryland (USA)


Abstract. NIST intends to standardize a new generation of cryptographic schemes secure against quantum adversaries.  Their primary choice for a secure digital signature scheme is CRYSTALS-Dilithium. CRYSTALS-Dilithium is based on three computational problems: Module Learning with Errors (MLWE), Module Short Integer Solution (MSIS), and SelfTargetMSIS. The first two, MLWE and MSIS, are well-studied and widely held to be secure, but the latter, SelfTargetMSIS, is novel and its quantum hardness is uncertain. In this talk we will review the current security understandings for all three of these problems. Then, we will utilize a lifting theorem developed by Yamakawa and Zhandry to prove that SelfTargetMSIS is asymptotically at least as hard as MSIS in the Quantum Random Oracle Model (QROM). We also examine the resulting parameter shifts for concrete security settings.

Based on joint work with Carl Miller.

Suggested readings:,

Presented at

Crypto Reading Club talk on 2023-May-17

Parent Project

See: Crypto Reading Club

Related Topics

Security and Privacy: cryptography

Created May 03, 2023, Updated May 05, 2023