Provably Secure Code-Based Threshold Ring Signatures

  • Léonard Dallot
  • Damien Vergnaud
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5921)


A threshold ring signature scheme enables a set of users to sign a message such that a finite set of possible signers (the ring) is identified, without revealing which subset of ring members actually produced the signature. A recent proposal of Aguilar et al. introduced the first code-based threshold ring signature scheme, which has large signatures (about 20 KBytes per member of the ring for 80-bit security).

We propose a new code-based threshold ring signature scheme that achieves small signature size of 675N − 228ℓ bits, where N is the number of members in the ring and ℓ is the number of signers, for a security level of 80 bits. We give a security proof of our scheme whose security relies — in both random oracle and ideal cipher models — on two coding theory problems, making our scheme the first provably secure code-based threshold ring signature scheme. Unfortunately, as often in code-based cryptography, the presented scheme leads to very large public keys.


Keywords (added by machine and not by the authors): Hash Function; Signature Scheme; Ring Signature; Random Oracle; Parity Check Matrix




  1. [AFG+08]
    Augot, D., Finiasz, M., Gaborit, P., Manuel, S., Sendrier, N.: Fast syndrome-based hash function. SHA-3 Proposal: FSB (2008)
  2. [AHR05]
    Adida, B., Hohenberger, S., Rivest, R.L.: Ad-hoc-group signatures from hijacked keypairs. In: DIMACS Workshop on Theft in e-commerce (2005)
  3. [AMCG08]
    Aguilar Melchor, C., Cayrel, P.L., Gaborit, P.: A new efficient threshold ring signature scheme based on coding theory. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 31–46. Springer, Heidelberg (2008)
  4. [BCGO09]
    Berger, T., Cayrel, P.L., Gaborit, P., Otmani, A.: Reducing key length of the McEliece cryptosystem. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 60–76. Springer, Heidelberg (2009)
  5. [BKM06]
    Bender, A., Katz, J., Morselli, R.: Ring signatures: Stronger definitions, and constructions without random oracles. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 60–79. Springer, Heidelberg (2006)
  6. [BLP08]
    Bernstein, J., Lange, T., Peters, C.: Attacking and defending the McEliece cryptosystem. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 31–46. Springer, Heidelberg (2008)
  7. [BMvT78]
    Berlekamp, E.R., McEliece, R.J., van Tilborg, H.C.: On the inherent intractability of certain coding problems. IEEE Trans. Inform. Th. 24 (1978)
  8. [BR93]
    Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM Conference on Computer and Communications Security, pp. 62–73 (1993)
  9. [BSS02]
    Bresson, E., Stern, J., Szydlo, M.: Threshold ring signatures and applications to ad-hoc groups. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 465–480. Springer, Heidelberg (2002)
  10. [CFS01]
    Courtois, N., Finiasz, M., Sendrier, N.: How to achieve a McEliece-based digital signature scheme. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 157–174. Springer, Heidelberg (2001)
  11. [CGH04]
    Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. Journal of the ACM 51(4), 557–594 (2004)
  12. [CGS07]
    Chandran, N., Groth, J., Sahai, A.: Ring signatures of sub-linear size without random oracles. In: Arge, L., Cachin, C., Jurdziński, T., Tarlecki, A. (eds.) ICALP 2007. LNCS, vol. 4596, pp. 423–434. Springer, Heidelberg (2007)
  13. [COV07]
    Cayrel, P.L., Otmani, A., Vergnaud, D.: On Kabatianskii-Krouk-Smeets signatures. In: Carlet, C., Sunar, B. (eds.) WAIFI 2007. LNCS, vol. 4547, pp. 237–251. Springer, Heidelberg (2007)
  14. [CPS08]
    Coron, J.-S., Patarin, J., Seurin, Y.: The random oracle model and the ideal cipher model are equivalent. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 1–20. Springer, Heidelberg (2008)
  15. [CvH92]
    Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)
  16. [Dal08]
    Dallot, L.: Towards a concrete security proof of Courtois, Finiasz and Sendrier signature scheme. In: Lucks, S., Sadeghi, A.-R., Wolf, C. (eds.) WEWoRC 2007. LNCS, vol. 4945, pp. 65–77. Springer, Heidelberg (2008)
  17. [DH76]
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inform. Th. 22(6), 644–654 (1976)
  18. [DKNS04]
    Dodis, Y., Kiayias, A., Nicolosi, A., Shoup, V.: Anonymous identification in ad-hoc groups. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 609–626. Springer, Heidelberg (2004)
  19. [FS09]
    Finiasz, M., Sendrier, N.: Security bounds for the design of code-based cryptosystems. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 88–105. Springer, Heidelberg (2009)
  20. [JSI96]
    Jakobsson, M., Sako, K., Impagliazzo, R.: Designated verifier proofs and their applications. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996)
  21. [KI01]
    Kobara, K., Imai, I.: Semantically secure McEliece public-key cryptosystems — conversions for McEliece PKC. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992, pp. 19–35. Springer, Heidelberg (2001)
  22. [LM09]
    Lyubashevsky, V., Micciancio, D.: On bounded distance decoding, unique shortest vectors, and the minimum distance problem. In: Tai, X.-C., et al. (eds.) CRYPTO 2009. LNCS, vol. 5677, pp. 577–594. Springer, Heidelberg (2009)
  23. [LN09]
    Leurent, G., Nguyen, P.Q.: How risky is the random-oracle model? In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 445–464. Springer, Heidelberg (2009)
  24. [LS01]
    Loidreau, P., Sendrier, N.: Weak keys in McEliece public-key cryptosystem. IEEE Trans. Inform. Th. 47(3), 1207–1212 (2001)
  25. [MB09]
    Misoczki, R., Barreto, P.S.L.M.: Compact McEliece keys from Goppa codes. Cryptology ePrint Archive, Report 2009/187 (2009)
  26. [McE78]
    McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. Technical report, DSN Progress report # 42-44, Jet Propulsion Laboratory, Pasadena, California (1978)
  27. [Nao02]
    Naor, M.: Deniable ring authentication. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 481–498. Springer, Heidelberg (2002)
  28. [OTD08]
    Otmani, A., Tillich, J.P., Dallot, L.: Cryptanalysis of a McEliece cryptosystem based on quasi-cyclic LDPC codes. In: Faugère, J.C., Wang, D. (eds.) Proceedings of the first international conference on symbolic computation and cryptography. LMIB, pp. 69–81 (2008)
  29. [RST01]
    Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001)
  30. [Sen00]
    Sendrier, N.: Finding the permutation between equivalent codes: the support splitting algorithm. IEEE Trans. Inform. Th. 46, 1193–1203 (2000)
  31. [Sen02]
    Sendrier, N.: Cryptosystèmes à clé publique basés sur les codes correcteurs d’erreurs. Habilitation à diriger les recherches, Université Pierre et Marie Curie, Paris 6, Paris, France, Mars (2002) (in French)
  32. [Sha79]
    Shamir, A.: How to share a secret. Commun. of the ACM 22(11), 612–613 (1979)
  33. [Ste90]
    Stern, J.: An alternative to the Fiat-Shamir protocol. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 173–180. Springer, Heidelberg (1990)
  34. [Ste96]
    Stern, J.: A new paradigm for public key identification. IEEE Trans. Inform. Th. 42(6), 1757–1768 (1996)
  35. [SW07]
    Shacham, H., Waters, B.: Efficient ring signatures without random oracles. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 166–180. Springer, Heidelberg (2007)
  36. [ZLC07]
    Zheng, D., Li, X., Chen, K.: Code-based ring signature scheme. International Journal of Network Security 5(2), 154–157 (2007)

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Léonard Dallot (1)
  • Damien Vergnaud (2)
  1. GREYC – UMR 6072, Université de Caen, Caen Cedex, France
  2. Ecole Normale Supérieure, C.N.R.S. – I.N.R.I.A., Paris CEDEX 05, France
