Post-Quantum Cryptography

S N O V A

Digital Signature Schemes

Introduction

SNOVA is a digital signature algorithm that was submitted to the NIST Post-Quantum Cryptography Project in May 2023, its full name is “Simple Noncommutative-ring based UOV with key-randomness Alignment”, SNOVA is a simplified version of NOVA.

Features

The SNOVA digital signature algorithm is a variant of the UOV algorithm, retaining the UOV's characteristic of short signatures while offering a shorter public key length compared to the traditional UOV algorithm, thereby providing advantages in both security and efficiency aspects of digital signatures.

Furthermore, the SNOVA algorithm provides three different parameter options for each security level, including various combinations of public key and signature lengths. This feature brings greater flexibility and adaptability to the application side, enabling SNOVA to be well-suited for diverse scenarios, whether it be resource-constrained devices or applications requiring high-security protection, as it allows for the selection of parameter configurations that best suit the specific use case.

Parameters

SL (v, o, q, l)  public key size sign size private key size (esk) private key size (ssk)
I (28, 17, 16, 2) 9826(+16) 90(+16) 60008(+48) 48
(25, 8, 16, 3) 2304(+16) 148.5(+16) 37962(+48)
(24, 5, 16, 4) 1000(+16) 232(+16) 34112(+48)
III (43, 25, 16, 2) 31250(+16) 136(+16) 202132(+48)
(49, 11, 16, 3) 5989.5(+16) 270(+16) 174798(+48)
(37, 8, 16, 4) 4096(+16) 360(+16) 128384(+48)
V (61, 33, 16, 2) 71874(+16) 188(+16) 515360(+48)
(66, 15, 16, 3) 15187.5(+16) 364.5(+16) 432297(+48)
(60, 10, 16, 4) 8000(+16) 560(+16) 389312(+48)

Table of key-sizes and lengths of the signature of SNOVA parameter settings. (bytes)