A Lattice-Based Threshold Ring Signature Scheme

  • Pierre-Louis Cayrel
  • Richard Lindner
  • Markus Rückert
  • Rosemberg Silva
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6212)

Abstract

In this article, we propose a new lattice-based threshold ring signature scheme, modifying Aguilar's code-based solution to use the short integer solution (SIS) problem as the security assumption instead of the syndrome decoding (SD) problem. By applying the CLRS identification scheme, we also obtain a performance gain as a result of the reduction in the soundness error to 1/2 per round. This gain is preserved when the Fiat-Shamir heuristic is applied to derive signatures from our identification scheme. From a security perspective we also have improvements, because our scheme exhibits a worst-case to average-case reduction typical of lattice-based cryptosystems. This gives us confidence that a random choice of parameters results in a system that is hard to break on average.

Keywords

Identification scheme; lattice-based cryptography; SIS problem; threshold ring signature; zero-knowledge



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Pierre-Louis Cayrel (1)
  • Richard Lindner (2)
  • Markus Rückert (2)
  • Rosemberg Silva (3)
  1. CASED – Center for Advanced Security Research Darmstadt, Darmstadt, Germany
  2. Fachbereich Informatik, Kryptographie und Computeralgebra, Technische Universität Darmstadt, Darmstadt, Germany
  3. Institute of Computing, State University of Campinas (UNICAMP), Campinas, Brazil