Round 1 (Additional Signatures) OFFICIAL COMMENT: AIMer Signature Scheme


Kim Seongkwang

Jul 12, 2024, 1:09:51 AM
to pqc-co...@nist.gov, pqc-...@list.nist.gov
Dear all,

We are pleased to announce AIMer v2.1.
Although we presented a poster [1] on AIMer v2.0 at the 5th NIST PQC Standardization Conference, we briefly summarize the changes in both v2.0 and v2.1 for those who have never heard of it.

(v1.0->v2.0)
- We replaced the symmetric primitive AIM by AIM2, which effectively prevents the attacks on AIM.
- The EUF-CMA security proof provides the full bound, rather than the birthday bound in v1.0.
- We optimized the implementation with respect to both time and memory (up to 29% faster signing, up to 96% memory usage reduction in verification).
- Message is now hashed with some randomizers before it is fed into the challenge hash functions.
- The number of parameters is reduced from 4 to 2 for each security category.

(v2.0->v2.1)
- We added a memory-optimized C implementation for memory-constrained devices. All the implementations use less than 640KB of RAM. A separate optimized implementation for ARM Cortex-M4 will be publicly available soon.
- ARM64 implementations now support SIMD operations for SHAKE, and can be compiled on Apple M series.
- We addressed some recommendations on side-channel attacks from Bernstein [2].

For the detailed specification, visit our website [3] and see the documentation [4].
We appreciate all who commented on AIMer, especially Bernstein.

Meanwhile, we have opened a GitHub repository [5] which contains all the versions of AIMer.
We hope that it makes our code more accessible.

Cheers,
Seongkwang Kim (on behalf of the AIMer team)

[3] AIMer website: https://aimer-signature.org 