Falcon Overview

Table of contents

1. Falcon - Parameter set summary
2. Falcon-padded-1024 overview
3. NIST
4. API overview
5. Example

• Algorithm type: Digital signature scheme.
• Main cryptographic assumption: Hardness of NTRU lattice problems.
• Principal submitters: Thomas Prest.
• Auxiliary submitters: Pierre-Alain Fouque, Jeffrey Hoffstein, Paul Kirchner, Vadim Lyubashevsky, Thomas Pornin, Thomas Prest, Thomas Ricosset, Gregor Seiler, William Whyte, Zhenfei Zhang.

• Authors’ website: https://falcon-sign.info

• Copyright: The following provision applies to this part of the software as an additional term to the license:

Copyright (c) 2017-2019 Falcon Project

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Falcon - Parameter set summary

• Security Model - EUF-CMA
• Claimed NIST Level - 5
• Public key size - 1793 bytes
• Private key size - 2305 bytes
• Signature size - 1280 bytes

Falcon-padded-1024 overview

Falcon-padded-1024 is a variant of the Falcon digital signature algorithm, specifically designed to offer robust security features in anticipation of the quantum computing era. It builds upon the foundational lattice-based cryptographic principles, making it inherently resistant to the types of attacks that quantum computers could potentially unleash on traditional encryption mechanisms. Here are some critical aspects of Falcon-padded-1024:

• Quantum-resistant Algorithm: Falcon-padded-1024 is developed to secure digital communication against both current and future threats, including those posed by quantum computing advancements. Falcon

• Lattice-based Cryptography: Utilizing NTRU lattices and fast Fourier sampling, Falcon-padded-1024 is based on the cutting-edge GPV framework, ensuring its security by relying on the hardness of lattice problems considered to be secure against quantum attacks. Falcon - a Post-Quantum Signature Scheme

• Fixed-size Signatures: The ‘padded’ aspect refers to its unique ability to produce fixed-size signatures, ensuring uniformity and potentially enhancing security and privacy by preventing signature size-based side-channel attacks.

• High Security Level: Tailored for scenarios requiring an elevated level of security, it offers significant protection against existing cryptographic attacks, making it suitable for sensitive data protection.

NIST

NIST has recognized Falcon 1024 as a key digital signature scheme in its Post-Quantum Cryptography (PQC) standardization process, aiming to secure cryptographic practices against future quantum computing threats. This effort includes selecting algorithms that demonstrate resilience to quantum attacks, among which Falcon 1024 stands out for its quantum resistance, based on structured lattices and hash functions. As part of the third round of the PQC standardization process, Falcon 1024, with its reliance on NTRU lattices for compact signatures, has been slated for standardization. NIST’s initiative also invites public feedback to refine and finalize these standards, ensuring a broad consensus and robustness of the adopted cryptographic measures. Falcon 1024’s implementation in cryptographic libraries and its selection for standardization highlight its significance in the transition towards quantum-resistant cryptography.

Links:

• NIST to Standardize Encryption Algorithms That Can Resist Attack by Quantum Computers, August 24, 2023
• NIST Announces First Four Quantum-Resistant Cryptographic Algorithms, July 05, 2022

API overview

To include the necessary library, please refer to the Getting Started Guide. After following the guide, include the pqc/falcon.h header in your code. All Signature Schemes algorithms have a unified API. For Falcon 1024, you can set the algorithm to work using the constant.

PQC_CIPHER_FALCON. To learn about all the available methods for signature algorithms, visit the Signature Schemes Generic API Overview page.

Example

Code

#include <filesystem>
#include <fstream>
#include <iostream>
#include <vector>

#include <pqc/falcon.h>

// Macros simplify the creation of byte vectors for Falcon private and public keys
#define FALCON_PRIVATE(x) std::vector<uint8_t> x(sizeof(pqc_falcon_private_key))
#define FALCON_PUBLIC(x) std::vector<uint8_t> x(sizeof(pqc_falcon_public_key))

int main()
{

    // Initialize byte vectors to hold Falcon's private and public keys for Alice
    FALCON_PRIVATE(priv_alice);
    FALCON_PUBLIC(pub_alice);

    // Generate a Falcon key pair for Alice
    size_t generateResult = PQC_generate_key_pair(
        PQC_CIPHER_FALCON, pub_alice.data(), pub_alice.size(), priv_alice.data(), priv_alice.size()
    );

    if (generateResult != PQC_OK)
    {
        std::cout << "\nKey generation failed!\n" << std::endl;
    }

    // Check if key generation was successful
    CIPHER_HANDLE falconContextAlice = PQC_init_context(PQC_CIPHER_FALCON, priv_alice.data(), priv_alice.size());
    if (falconContextAlice == PQC_BAD_CIPHER)
    {
        std::cout << "\nFailed to initialize cryptographic context!\n" << std::endl;
    }

    // Define a message that will be signed using Falcon's signature algorithm
    char message[] = "Here is my message I will sign by Falcon signature algorithm!";

    // Allocate a structure to hold the signature generated by Falcon
    pqc_falcon_signature signature;

    // Sign the message with Falcon's algorithm using Alice's context
    size_t signResult =
        PQC_sign(falconContextAlice, (uint8_t *)message, sizeof(message), (uint8_t *)&signature, sizeof(signature));

    // Check if the signing process was successful
    if (signResult != PQC_OK)
    {
        std::cout << "\nSSigning process failed!\n" << std::endl;
    }

    // Attempt to verify the signature of the signed message using Alice's public key
    size_t verifyResult = PQC_verify(
        PQC_CIPHER_FALCON, pub_alice.data(), pub_alice.size(), (uint8_t *)message, sizeof(message),
        (uint8_t *)&signature, sizeof(signature)
    );

    // Check the result of the signature verification
    if (verifyResult == PQC_OK)
    {
        std::cout << "\nSignature is valid!\n" << std::endl;
    }
    else
    {
        std::cout << "\nSignature verification failed!\n" << std::endl;
    }

    return 0;
}