HAETAE (KPQC)
Korean Post-Quantum Lattice-based Digital Signature Algorithm
Overview
HAETAE is a lattice-based digital signature algorithm developed as part of the Korean Post-Quantum Cryptography (KPQC) competition. It provides EUF-CMA-secure digital signatures using a Fiat-Shamir with Aborts approach similar to ML-DSA (Dilithium), but with a different underlying lattice structure and rejection sampling strategy optimized for the Korean standardization requirements.
HAETAE targets practical signature generation and verification with competitive key and signature sizes relative to other lattice-based signature schemes.
Specifications
| Parameter Set | KPQC Level | Description |
|---|---|---|
| HAETAE-2 | 2 | Targeting security equivalent to SHA-256 collision resistance against quantum adversaries |
| HAETAE-3 | 3 | Targeting security equivalent to AES-192 against quantum adversaries |
| HAETAE-5 | 5 | Targeting security equivalent to AES-256 against quantum adversaries |
Core operations:
- KeyGen() — Generate a signing key pair
- Sign(sk, msg) — Produce a signature over a message
- Verify(pk, msg, sig) — Verify a signature against a public key and message
Security
- Security notion: EUF-CMA (existential unforgeability under chosen-message attack)
- Hardness assumptions: Lattice-based problems (Module-LWE / Module-SIS variants)
- Signing method: Fiat-Shamir with Aborts — rejection sampling ensures signatures do not leak secret key information
- Korean standardization: Developed and evaluated under the KPQC competition framework
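The Fiat-Shamir with Aborts point above, as an added illustration (not HAETAE's code, sampler or parameters): a one-dimensional toy in which the response is z = y + c*s and the signer aborts when z leaves a fixed interval. `GAMMA`, `BETA` and the function names are assumptions made for this example. It enumerates every mask value instead of sampling, so the comparison with and without the abort check is exact.

```rust
// Toy 1-D model of Fiat-Shamir with Aborts (constructed for illustration;
// this is not HAETAE's sampler and the parameters are not HAETAE's).
const GAMMA: i64 = 100; // mask y is uniform in [-GAMMA, GAMMA]
const BETA: i64 = 5; // bound on |c * s| for secret s and challenge c

/// Response z = y + c*s. With `abort` set, return None when z falls outside
/// [-(GAMMA - BETA), GAMMA - BETA], which is the signer's "restart" signal.
fn respond(s: i64, c: i64, y: i64, abort: bool) -> Option<i64> {
    let z = y + c * s;
    if abort && z.abs() > GAMMA - BETA {
        None
    } else {
        Some(z)
    }
}

/// Every (challenge, response) pair an observer can see, enumerating each
/// challenge c in {-1, +1} and each mask y once instead of sampling, so the
/// resulting distribution is exact.
fn transcripts(s: i64, abort: bool) -> Vec<(i64, i64)> {
    let mut out = Vec::new();
    for c in [-1i64, 1] {
        for y in -GAMMA..=GAMMA {
            if let Some(z) = respond(s, c, y, abort) {
                out.push((c, z));
            }
        }
    }
    out
}

/// Observer's estimate of s: the average of c*z over the visible transcripts.
fn estimate_secret(t: &[(i64, i64)]) -> f64 {
    let sum: i64 = t.iter().map(|&(c, z)| c * z).sum();
    sum as f64 / t.len() as f64
}

fn main() {
    for s in [3i64, -5] {
        let leaky = transcripts(s, false);
        let safe = transcripts(s, true);
        println!(
            "s={:>2}: estimate without aborts {:+.1}, with aborts {:+.1}, kept {}/{}",
            s, estimate_secret(&leaky), estimate_secret(&safe), safe.len(), leaky.len()
        );
    }
}
```

Without the abort check the average of c*z equals the secret; with it, the visible transcripts are identical for both secrets, at the cost of discarding some signing attempts.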
Hardware Acceleration
HAETAE benefits from AVX-2 SIMD acceleration across multiple core operations used in signing and verification.
| Acceleration | Target | Operations |
|---|---|---|
| AVX-2 | x86-64 | Packing/unpacking, polynomial fixed-point arithmetic (polyfix), polynomial matrix operations (polymat), FFT, polynomial operations (poly) |
The AVX-2 optimizations cover the full critical path: coefficient packing for serialization, fixed-point polynomial arithmetic used in the rejection sampling loop, matrix-vector products for key generation and verification, and the FFT/NTT transforms that underpin all polynomial multiplication.
Platform Support — Kotlin Implementation
HAETAE includes a complete Kotlin implementation featuring:
- Pure SHAKE-256 implementation (zero external dependencies)
- Full key generation, signing, and verification
- KPQC KAT vector validation
| Platform | Language | Implementation Path |
|---|---|---|
| Native | C | metamui-crypto-c/ |
| Systems | Rust | metamui-crypto-rust/ |
| Backend | Go | metamui-crypto-go/ |
| Data Science | Python | metamui-crypto-python/ |
| JVM | Java | metamui-crypto-java/ |
| JVM/Android | Kotlin | metamui-crypto-kotlin/ |
| .NET | C# | metamui-crypto-csharp/ |
| Apple | Swift | metamui-crypto-swift/ |
| Web | TypeScript | metamui-crypto-typescript/ |
| Browser/Edge | WASM | metamui-crypto-wasm/ |
API Example
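```rust
// `rng` is assumed to be a cryptographically secure RNG already in scope.

// Key generation: returns the public (verification) key and the secret (signing) key
let (pk, sk) = haetae3::keygen(&mut rng);

// Signing
let message = b"Document to be signed";
let signature = haetae3::sign(&sk, message);

// Verification: must succeed for the same message and the matching public key
let is_valid = haetae3::verify(&pk, message, &signature);
assert!(is_valid);
```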
Test Vectors
- Format: KPQC KAT (Known Answer Test) vectors
- Coverage: KeyGen, Sign, Verify for all parameter sets
References
- KPQC Competition — Korean Post-Quantum Cryptography competition. Organized by the Korean government to standardize quantum-resistant algorithms for Korean national standards.
- HAETAE Specification — HAETAE Algorithm Specifications and Supporting Documentation. Submitted to the KPQC competition.
- Fiat-Shamir with Aborts — Lyubashevsky, V. Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures. ASIACRYPT 2009.