Fast Fourier Orthogonalization over NTRU Lattices

FALCON is an efficient and compact lattice-based signature scheme. It is also one of the round 3 finalists in the NIST PQC standardization process. The core of FALCON is a trapdoor sampling algorithm, which has found numerous applications in lattice-based cryptography. It needs the fast Fourier orthogonalization algorithm to build an LDL tree. But the LDL tree needs much RAM to store, which may limit the application of FALCON on memory-constrained devices. On the other hand, if building the LDL tree dynamically, the signature cost will almost double. In this work, we discover the LDL tree of FALCON has some symmetric structure, and prove why this phenomenon occurs. With this property, we can reduce the generation time and storage of the LDL tree by almost half without affecting the efficiency of FALCON. We verify the correctness and validity of our way in the implementations of FALCON. In addition, the result applies to the cyclotomic field $$\mathbb {Q}[x]/(x^n-x^{n/2}+1)$$ with $$n = 3 \cdot 2 ^\kappa $$ . But we can not apply it to NTRU module lattices so far.