Strongly Unforgeable Signatures and Hierarchical Identity-Based Signatures from Lattices without Random Oracles

  • Markus Rückert
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6061)

Abstract

We propose a variant of the “bonsai tree” signature scheme, a lattice-based existentially unforgeable signature scheme in the standard model. Our construction offers the same efficiency as the “bonsai tree” scheme but supports the stronger notion of strong unforgeability. Strong unforgeability demands that the adversary is unable to produce a new message-signature pair (m, s), even if he or she is allowed to see a different signature s′ for m.

In particular, we provide the first treeless signature scheme that supports strong unforgeability for the post-quantum era in the standard model. Moreover, we show how to directly implement identity-based, and even hierarchical identity-based, signatures (IBS) in the same strong security model without random oracles. An additional advantage of this direct approach over the usual generic conversion of hierarchical identity-based encryption to IBS is that we can exploit the efficiency of ideal lattices without significantly harming security.

We equip all constructions with strong security proofs based on mild worst-case assumptions on lattices and we also propose concrete security parameters.
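The abstract contrasts existential and strong unforgeability. The following added example (not part of the paper, and not its lattice scheme) makes that distinction concrete: it encodes both winning conditions of the forgery game and runs them against a constructed keyed-hash stand-in for a signature scheme whose verifier ignores one component of the signature. Re-randomising that ignored component yields a signature pair the verifier accepts that was never handed out, which wins the strong-unforgeability game but not the existential one; binding the component into the tag closes the gap. All keys, messages and function names below are constructed for the illustration.

```python
import hashlib
import hmac
import os

# Constructed demo key; a real signature scheme would use an asymmetric key pair.
KEY = b"constructed-demo-key"


def _tag(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()


# --- Toy scheme A: malleable. The verifier never looks at 'salt', so for
# --- any message there are 2^64 distinct signatures it accepts.
def toy_sign_malleable(m: bytes) -> tuple:
    return (_tag(m), os.urandom(8))


def toy_verify_malleable(m: bytes, sig: tuple) -> bool:
    tag, _salt = sig
    return hmac.compare_digest(tag, _tag(m))


# --- Toy scheme B: the salt is bound into the tag, so altering it breaks
# --- verification and each issued (m, s) pair is the only one that verifies.
def toy_sign_strong(m: bytes) -> tuple:
    salt = os.urandom(8)
    return (_tag(salt + m), salt)


def toy_verify_strong(m: bytes, sig: tuple) -> bool:
    tag, salt = sig
    return hmac.compare_digest(tag, _tag(salt + m))


# --- The two winning conditions from the abstract's definitions.
def is_euf_forgery(queries, m, sig, verify) -> bool:
    """Existential unforgeability: m must be a message never signed."""
    signed_messages = {qm for qm, _ in queries}
    return m not in signed_messages and verify(m, sig)


def is_seuf_forgery(queries, m, sig, verify) -> bool:
    """Strong unforgeability: the pair (m, sig) must be new, m may be old."""
    return (m, sig) not in set(queries) and verify(m, sig)


def rerandomise_issued_signature(queries):
    """Adversary that asks for no new signature; it only changes the
    salt of a pair it already holds and resubmits it."""
    m, (tag, salt) = queries[0]
    new_salt = bytes(b ^ 0xFF for b in salt)  # guaranteed != salt
    return m, (tag, new_salt)


def run_game(sign, verify) -> dict:
    """Play one round of each game against the given scheme and report
    which notion the re-randomised pair violates."""
    queries = [(m, sign(m)) for m in (b"transfer 10", b"transfer 20")]
    m, sig = rerandomise_issued_signature(queries)
    return {
        "euf_forgery": is_euf_forgery(queries, m, sig, verify),
        "seuf_forgery": is_seuf_forgery(queries, m, sig, verify),
    }


if __name__ == "__main__":
    print("malleable scheme:", run_game(toy_sign_malleable, toy_verify_malleable))
    print("salt-bound scheme:", run_game(toy_sign_strong, toy_verify_strong))
```

For the malleable scheme the result is `euf_forgery=False, seuf_forgery=True`: the adversary produced nothing on a fresh message, yet the scheme fails the stronger notion. This is the kind of gap the paper closes for lattice signatures; in practice it matters wherever a signature is used as a unique identifier (transaction ids, receipts, non-malleable encryption built from signatures).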

Keywords

Post-quantum cryptography; lattice cryptography; digital signatures; identity-based cryptography; standard model

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Markus Rückert, Cryptography and Computeralgebra, Department of Computer Science, TU Darmstadt