Public Key Compression for Constrained Linear Signature Schemes

  • Ward Beullens
  • Bart Preneel
  • Alan Szepieniec
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11349)

Abstract

We formalize the notion of a constrained linear trapdoor as an abstract strategy for the generation of signature schemes, concrete instantiations of which can be found in MQ-based, code-based, and lattice-based cryptography. Moreover, we revisit and expand on a transformation by Szepieniec et al. [39] that shrinks the public key at the cost of a larger signature while reducing their combined size. This transformation can be used in a way that is provably secure in the random oracle model, and in a more aggressive variant whose security remained unproven. In this paper we show that this transformation applies to any constrained linear trapdoor signature scheme, and prove the security of the first mode in the quantum random oracle model. Moreover, we identify a property of constrained linear trapdoors that is sufficient (and necessary) for the more aggressive variant to be secure in the quantum random oracle model. We apply the transformation to an MQ-based scheme, a code-based scheme and a lattice-based scheme targeting 128 bits of post-quantum security, and we show that in some cases the combined size of a signature and a public key can be reduced by more than a factor of 300.

Keywords

Digital signatures; Post-quantum; Quantum random oracle model; Key size reduction

Notes

Acknowledgements

This work was supported in part by the Research Council KU Leuven: C16/15/058. In addition, this work was supported by the European Commission through the EC H2020 FENTEC under grant agreement No 780108. In addition, this work was supported by imec through ICON Diskman and by FWO through SBO SPITE S002417N. Ward Beullens is funded by an FWO SB fellowship. Alan Szepieniec is being supported by a doctoral grant from the Flemish Agency for Innovation and Entrepreneurship (VLAIO, formerly IWT).

References

  1. Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. J. Math. Cryptol. 9(3), 169–203 (2015)
  2. Alperin-Sheriff, J., Lee, Y., Perlner, R., Lee, W., Moody, D.: Official comments on pqsigRM (2018). https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/official-comments/pqsigRM-official-comment.pdf
  3. Alwen, J., Peikert, C.: Generating shorter bases for hard random lattices. In: Albers, S., Marion, J. (eds.) 26th International Symposium on Theoretical Aspects of Computer Science, STACS 2009. Proceedings of LIPIcs, Freiburg, Germany, 26–28 February 2009, vol. 3, pp. 75–86. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, Germany (2009). https://doi.org/10.4230/LIPIcs.STACS.2009.1832
  4. Aumasson, J.P., Endignoux, G.: Improving stateless hash-based signatures. Cryptology ePrint Archive, Report 2017/933 (2017). http://eprint.iacr.org/2017/933
  5. Bernstein, D., et al.: SPHINCS: Practical Stateless Hash-Based Signatures. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 368–397. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_15
  6. Boneh, D., Dagdelen, Ö., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41–69. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_3
  7. Chen, M.-S., Hülsing, A., Rijneveld, J., Samardjiska, S., Schwabe, P.: From 5-pass \(\mathcal{MQ}\)-based identification to \(\mathcal{MQ}\)-based signatures. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 135–165. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_5
  8. Courtois, N.T., Finiasz, M., Sendrier, N.: How to achieve a McEliece-based digital signature scheme. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 157–174. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_10
  9. Debris-Alazard, T., Sendrier, N., Tillich, J.: A new signature scheme based on (U\(\vert\)U+V) codes. IACR Cryptology ePrint Archive 2017/662 (2017). http://eprint.iacr.org/2017/662
  10. Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theor. 22(6), 644–654 (1976). https://doi.org/10.1109/TIT.1976.1055638
  11. Ding, J., Schmidt, D.: Rainbow, a new multivariable polynomial signature scheme. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 164–175. Springer, Heidelberg (2005). https://doi.org/10.1007/11496137_12
  12. Faugère, J.C., Perret, L., Ryckeghem, J.: DualModeMS: a dual mode for Multivariate-based signature, 20170918 draft. UPMC-Paris 6 Sorbonne Universités; INRIA Paris; CNRS (2017)
  13. Finiasz, M., Sendrier, N.: Security bounds for the design of code-based cryptosystems. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 88–105. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_6. [24]
  14. Fouque, P.A., et al.: Falcon (2017). Submission to the NIST PQC project
  15. Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Dwork, C. (ed.) Proceedings of the 40th Annual ACM Symposium on Theory of Computing, Victoria, British Columbia, Canada, 17–20 May 2008, pp. 197–206. ACM (2008). https://doi.org/10.1145/1374376.1374407
  16. Goldreich, O., Goldwasser, S., Halevi, S.: Public-key cryptosystems from lattice reduction problems. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 112–131. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052231
  17. Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988). https://doi.org/10.1137/0217017
  18. Güneysu, T., Lyubashevsky, V., Pöppelmann, T.: Practical lattice-based cryptography: a signature scheme for embedded systems. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 530–547. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33027-8_31
  19. Høyer, P., Neerbek, J., Shi, Y.: Quantum complexities of ordered searching, sorting, and element distinctness. In: Orejas, F., Spirakis, P.G., van Leeuwen, J. (eds.) ICALP 2001. LNCS, vol. 2076, pp. 346–357. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-48224-5_29
  20. Hülsing, A., Rijneveld, J., Song, F.: Mitigating multi-target attacks in hash-based signatures. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9614, pp. 387–416. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49384-7_15
  21. Kipnis, A., Patarin, J., Goubin, L.: Unbalanced oil and vinegar signature schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206–222. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_15
  22. Lee, W., Kim, Y.S., Lee, Y.W., Kim, J.-S.: pqsigRM (2017). Submission to the NIST PQC project
  23. Lyubashevsky, V.: Fiat-Shamir with aborts: applications to lattice and factoring-based signatures. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 598–616. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_35. [24]
  24. Matsui, M. (ed.): ASIACRYPT 2009. LNCS, vol. 5912. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7
  25. Matsumoto, T., Imai, H.: Public quadratic polynomial-tuples for efficient signature-verification and message-encryption. In: Barstow, D., et al. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-45961-8_39
  26. Merkle, R.C.: Secrecy, authentication, and public key systems (1979)
  27. Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. IACR Cryptology ePrint Archive 2011/501 (2011). http://eprint.iacr.org/2011/501
  28. Micciancio, D., Regev, O.: Lattice-based cryptography. In: Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.) Post-Quantum Cryptography. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-540-88702-7_5
  29. National Institute for Standards and Technology (NIST): post-quantum crypto standardization (2018). http://csrc.nist.gov/groups/ST/post-quantum-crypto/
  30. National Institute of Standards and Technology: FIPS PUB 186-4: Digital Signature Standard (DSS) (2013). http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
  31. Nguyen, P.Q., Regev, O.: Learning a parallelepiped: cryptanalysis of GGH and NTRU signatures. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 271–288. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_17
  32. Patarin, J.: Hidden fields equations (HFE) and Isomorphisms of polynomials (IP): two new families of asymmetric algorithms. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_4
  33. Petzoldt, A., Bulygin, S., Buchmann, J.: CyclicRainbow – a multivariate signature scheme with a partially cyclic public key. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 33–48. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17401-8_4
  34. Petzoldt, A., Chen, M.-S., Yang, B.-Y., Tao, C., Ding, J.: Design principles for HFEv- based multivariate signature schemes. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 311–334. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_14
  35. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978). https://doi.org/10.1145/359340.359342
  36. Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_22
  37. Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th Annual Symposium on Foundations of Computer Science, Santa Fe, New Mexico, USA, 20–22 November 1994, pp. 124–134. IEEE Computer Society (1994). https://doi.org/10.1109/SFCS.1994.365700
  38. Stern, J.: A new paradigm for public key identification. IEEE Trans. Inf. Theor. 42(6), 1757–1768 (1996). https://doi.org/10.1109/18.556672
  39. Szepieniec, A., Beullens, W., Preneel, B.: MQ signatures for PKI. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 224–240. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59879-6_13
  40. Unruh, D.: Non-interactive zero-knowledge proofs in the quantum random oracle model. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 755–784. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_25
  41. Wendl, M.C.: Collision probability between sets of random variables. Stat. Probab. Lett. 64(3), 249–254 (2003)

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. imec-COSIC, KU Leuven, Leuven, Belgium