Provably Secure Code-Based Threshold Ring Signatures

  • Léonard Dallot
  • Damien Vergnaud
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5921)

Abstract

A threshold ring signature scheme enables a set of users to sign a message such that a finite set of possible signers (the ring) is identified, without revealing which subset of ring members actually produced the signature. A recent proposal of Aguilar Melchor et al. introduced the first code-based threshold ring signature scheme, which has large signatures (about 20 KBytes per member of the ring for 80-bit security).

We propose a new code-based threshold ring signature scheme that achieves small signature size of 675N − 228ℓ bits, where N is the number of members in the ring and ℓ is the number of signers, for a security level of 80 bits. We give a security proof of our scheme whose security relies — in both random oracle and ideal cipher models — on two coding theory problems, making our scheme the first provably secure code-based threshold ring signature scheme. Unfortunately, as often in code-based cryptography, the presented scheme leads to very large public keys.


References

  1. [AFG+08] Augot, D., Finiasz, M., Gaborit, P., Manuel, S., Sendrier, N.: Fast syndrome-based hash function. SHA-3 Proposal: FSB (2008), http://www-roc.inria.fr/secret/CBCrypto/index.php?pg=fsb
  2. [AHR05] Adida, B., Hohenberger, S., Rivest, R.L.: Ad-hoc-group signatures from hijacked keypairs. In: DIMACS Workshop on Theft in e-commerce (2005), http://theory.lcs.mit.edu/~rivest/publications.html
  3. [AMCG08] Aguilar Melchor, C., Cayrel, P.L., Gaborit, P.: A new efficient threshold ring signature scheme based on coding theory. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 31–46. Springer, Heidelberg (2008)
  4. [BCGO09] Berger, T., Cayrel, P.L., Gaborit, P., Otmani, A.: Reducing key length of the McEliece cryptosystem. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 60–76. Springer, Heidelberg (2009)
  5. [BKM06] Bender, A., Katz, J., Morselli, R.: Ring signatures: Stronger definitions, and constructions without random oracles. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 60–79. Springer, Heidelberg (2006)
  6. [BLP08] Bernstein, D.J., Lange, T., Peters, C.: Attacking and defending the McEliece cryptosystem. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 31–46. Springer, Heidelberg (2008)
  7. [BMvT78] Berlekamp, E.R., McEliece, R.J., van Tilborg, H.C.: On the inherent intractability of certain coding problems. IEEE Trans. Inform. Th. 24 (1978)
  8. [BR93] Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM Conference on Computer and Communications Security, pp. 62–73 (1993)
  9. [BSS02] Bresson, E., Stern, J., Szydlo, M.: Threshold ring signatures and applications to ad-hoc groups. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 465–480. Springer, Heidelberg (2002)
  10. [CFS01] Courtois, N., Finiasz, M., Sendrier, N.: How to achieve a McEliece-based digital signature scheme. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 157–174. Springer, Heidelberg (2001)
  11. [CGH04] Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. Journal of the ACM 51(4), 557–594 (2004)
  12. [CGS07] Chandran, N., Groth, J., Sahai, A.: Ring signatures of sub-linear size without random oracles. In: Arge, L., Cachin, C., Jurdziński, T., Tarlecki, A. (eds.) ICALP 2007. LNCS, vol. 4596, pp. 423–434. Springer, Heidelberg (2007)
  13. [COV07] Cayrel, P.L., Otmani, A., Vergnaud, D.: On Kabatianskii-Krouk-Smeets signatures. In: Carlet, C., Sunar, B. (eds.) WAIFI 2007. LNCS, vol. 4547, pp. 237–251. Springer, Heidelberg (2007)
  14. [CPS08] Coron, J.-S., Patarin, J., Seurin, Y.: The random oracle model and the ideal cipher model are equivalent. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 1–20. Springer, Heidelberg (2008)
  15. [CvH92] Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)
  16. [Dal08] Dallot, L.: Towards a concrete security proof of Courtois, Finiasz and Sendrier signature scheme. In: Lucks, S., Sadeghi, A.-R., Wolf, C. (eds.) WEWoRC 2007. LNCS, vol. 4945, pp. 65–77. Springer, Heidelberg (2008)
  17. [DH76] Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inform. Th. 22(6), 644–654 (1976)
  18. [DKNS04] Dodis, Y., Kiayias, A., Nicolosi, A., Shoup, V.: Anonymous identification in ad-hoc groups. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 609–626. Springer, Heidelberg (2004)
  19. [FS09] Finiasz, M., Sendrier, N.: Security bounds for the design of code-based cryptosystems. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 88–105. Springer, Heidelberg (2009), http://eprint.iacr.org/2009/414
  20. [JSI96] Jakobsson, M., Sako, K., Impagliazzo, R.: Designated verifier proofs and their applications. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996)
  21. [KI01] Kobara, K., Imai, H.: Semantically secure McEliece public-key cryptosystems — conversions for McEliece PKC. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 19–35. Springer, Heidelberg (2001)
  22. [LM09] Lyubashevsky, V., Micciancio, D.: On bounded distance decoding, unique shortest vectors, and the minimum distance problem. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 577–594. Springer, Heidelberg (2009)
  23. [LN09] Leurent, G., Nguyen, P.Q.: How risky is the random-oracle model? In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 445–464. Springer, Heidelberg (2009)
  24. [LS01] Loidreau, P., Sendrier, N.: Weak keys in McEliece public-key cryptosystem. IEEE Trans. Inform. Th. 47(3), 1207–1212 (2001)
  25. [MB09] Misoczki, R., Barreto, P.S.L.M.: Compact McEliece keys from Goppa codes. Cryptology ePrint Archive, Report 2009/187 (2009), http://eprint.iacr.org/
  26. [McE78] McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. Technical report, DSN Progress Report 42-44, Jet Propulsion Laboratory, Pasadena, California (1978)
  27. [Nao02] Naor, M.: Deniable ring authentication. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 481–498. Springer, Heidelberg (2002)
  28. [OTD08] Otmani, A., Tillich, J.P., Dallot, L.: Cryptanalysis of a McEliece cryptosystem based on quasi-cyclic LDPC codes. In: Faugère, J.C., Wang, D. (eds.) Proceedings of the First International Conference on Symbolic Computation and Cryptography. LMIB, pp. 69–81 (2008)
  29. [RST01] Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001)
  30. [Sen00] Sendrier, N.: Finding the permutation between equivalent codes: the support splitting algorithm. IEEE Trans. Inform. Th. 46, 1193–1203 (2000)
  31. [Sen02] Sendrier, N.: Cryptosystèmes à clé publique basés sur les codes correcteurs d'erreurs. Habilitation à diriger les recherches, Université Pierre et Marie Curie, Paris 6, Paris, France, March 2002 (in French)
  32. [Sha79] Shamir, A.: How to share a secret. Commun. of the ACM 22(11), 612–613 (1979)
  33. [Ste90] Stern, J.: An alternative to the Fiat-Shamir protocol. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 173–180. Springer, Heidelberg (1990)
  34. [Ste96] Stern, J.: A new paradigm for public key identification. IEEE Trans. Inform. Th. 42(6), 1757–1768 (1996)
  35. [SW07] Shacham, H., Waters, B.: Efficient ring signatures without random oracles. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 166–180. Springer, Heidelberg (2007)
  36. [ZLC07] Zheng, D., Li, X., Chen, K.: Code-based ring signature scheme. International Journal of Network Security 5(2), 154–157 (2007)

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Léonard Dallot (1)
  • Damien Vergnaud (2)
  1. GREYC – UMR 6072, Université de Caen, Caen Cedex, France
  2. Ecole Normale Supérieure, C.N.R.S. – I.N.R.I.A., Paris CEDEX 05, France
