An Efficient Lattice-Based Multisignature Scheme with Applications to Bitcoins

  • Rachid El Bansarkhani
  • Jan Sturm
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10052)


Multisignature schemes constitute important primitives when it comes to save the storage and bandwidth costs in presence of multiple signers. Such constructions are extensively used in financial applications such as Bitcoins, where more than one key is required in order to authorize Bitcoin transactions. However, many of the current state-of-the-art multisignature schemes are based on the RSA or discrete-log assumptions, which may become insecure in the future, for example due to the possibility of quantum attacks. In this paper we propose a new multisignature scheme that is built on top of the intractability of lattice problems that remain hard to solve even in presence of powerful quantum computers. The size of a multisignature is quasi optimal and our scheme can also easily be transformed into a more general aggregate signature scheme. Finally, we give an efficient implementation of the scheme which testifies its practicality and competitive capacity.


Multisignature scheme Lattice-based crypto Post-quantum 


  1. 1.
    Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. J. Math. Cryptology 9, 169–203 (2015)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Bagherzandi, A., Jarecki, S.: Identity-based aggregate and multi-signature schemes based on RSA. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 480–498. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13013-7_28 CrossRefGoogle Scholar
  3. 3.
    Baktir, S., Sunar, B.: Achieving efficient polynomial multiplication in Fermat fields using the fast Fourier transform. In: ACM Southeast Regional Conference Proceedings of the 44th Annual Southeast Regional Conference, pp. 549–554. ACM Press (2006)Google Scholar
  4. 4.
    Bellare, M., Neven, G.: Identity-based multi-signatures from RSA. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 145–162. Springer, Heidelberg (2006). doi: 10.1007/11967668_10 CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: Juels, A., Wright, R.N., De Capitani di Vimercati, S. (eds.) ACM CCS 06 13th Conference on Computer and Communications Security, pp. 390–399. ACM Press, October/November 2006Google Scholar
  6. 6.
    Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the Gap-Diffie-Hellman-Group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2003). doi: 10.1007/3-540-36288-6_3 CrossRefGoogle Scholar
  7. 7.
    Bansarkhani, R., Buchmann, J.: Towards lattice based aggregate signatures. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 336–355. Springer, Heidelberg (2014). doi: 10.1007/978-3-319-06734-6_21 CrossRefGoogle Scholar
  8. 8.
    Güneysu, T., Lyubashevsky, V., Pöppelmann, T.: Practical lattice-based cryptography: a signature scheme for embedded systems. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 530–547. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-33027-8_31 CrossRefGoogle Scholar
  9. 9.
    Güneysu, T., Oder, T., Pöppelmann, T., Schwabe, P.: Software speed records for lattice-based signatures. In: Gaborit, P. (ed.) PQCrypto 2013. LNCS, vol. 7932, pp. 67–82. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-38616-9_5 CrossRefGoogle Scholar
  10. 10.
    Harn, L.: Digital multisignature with distinguished signing authorities. Electron. Lett. 35(4), 294–295 (1999)CrossRefGoogle Scholar
  11. 11.
    Itakura, K., Nakamura, K.: A public-key cryptosystem suitable for digital multisignatures (1983)Google Scholar
  12. 12.
    Langlois, A., Stehlé, D.: Worst-case to average-case reductions for module lattices. Des. Codes Crypt. 75(3), 565–599 (2015)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Li, C.-M., Hwang, T., Lee, N.-Y.: Threshold-multisignature schemes where suspected forgery implies traceability of adversarial shareholders. In: Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 194–204. Springer, Heidelberg (1995). doi: 10.1007/BFb0053435 Google Scholar
  14. 14.
    Lomont, C.: Introduction to Intel Advanced Vector Extensions, June 2011.
  15. 15.
    Lu, S., Ostrovsky, R., Sahai, A., Shacham, H., Waters, B.: Sequential aggregate signatures and multisignatures without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 465–485. Springer, Heidelberg (2006). doi: 10.1007/11761679_28 CrossRefGoogle Scholar
  16. 16.
    Lysyanskaya, A.: Unique signatures and verifiable random functions from the DH-DDH separation. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 597–612. Springer, Heidelberg (2002). doi: 10.1007/3-540-45708-9_38 CrossRefGoogle Scholar
  17. 17.
    Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738–755. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-29011-4_43 CrossRefGoogle Scholar
  18. 18.
    Micali, S., Ohta, K., Reyzin, L.: Accountable-subgroup multisignatures: extended abstract. In: ACM CCS 01: 8th Conference on Computer and Communications Security, pp. 245–254. ACM Press, November 2001Google Scholar
  19. 19.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008).
  20. 20.
    Ohta, K., Okamoto, T.: Multi-signature scheme secure against active insider attacks. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 82(1), 21–31 (1999)Google Scholar
  21. 21.
    Roy, S.S., Vercauteren, F., Mentens, N., Chen, D.D., Verbauwhede, I.: Compact Ring-LWE cryptoprocessor. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 371–391. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44709-3_21 Google Scholar
  22. 22.
    Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.Technische Universität DarmstadtDarmstadtGermany

Personalised recommendations