Revisiting TESLA in the Quantum Random Oracle Model

ALKIM E., Bindel N., Buchmann J., Dagdelen Ö., Eaton E., Gutoski G., ...More

PQCrypto 2017: Post-Quantum Cryptography, Utrecht, Netherlands, 26 - 28 June 2017, pp.143-162 identifier

  • Publication Type: Conference Paper / Full Text
  • Doi Number: 10.1007/978-3-319-59879-6_9
  • City: Utrecht
  • Country: Netherlands
  • Page Numbers: pp.143-162
  • Keywords: Quantum random oracle, Post quantum cryptography, Lattice-based cryptography, Signature scheme, Tight security reduction, SIGNATURE, SECURITY, EFFICIENT
  • Dokuz Eylül University Affiliated: No


We study a scheme of Bai and Galbraith (CT-RSA'14), also known as TESLA. TESLA was thought to have a tight security reduction from the learning with errors problem (LWE) in the random oracle model (ROM). Moreover, a variant using chameleon hash functions was lifted to the quantum random oracle model (QROM). However, both reductions were later found to be flawed and hence it remained unresolved until now whether TESLA can be proven to be tightly secure in the (Q)ROM.