Post-Quantum Linkable Ring Signature Enabling Distributed Authorised Ring Confidential Transactions in Blockchain

When an electronic wallet is controlled by more than one party, security can be enhanced by decentralising the distribution of authorisation amongst those parties. Threshold signature schemes enable this functionality by allowing multiple cosigners to cooperate in order to create a joint signature. These cosigners interact to sign a transaction, which then confirms that a wallet has been transferred. However, in the event of a post-quantum attack, existing threshold signature schemes that support such an authorisation technique in privacy-preserving cryptocurrency protocols such as Ring Confidential Transaction (RingCT) would not provide adequate security. In this paper, we present a new post-quantum cryptographic mechanism, called Lattice-based Linkable Ring Signature with Co-Signing (L2RS-CS), which offers a distributed authorisation feature to protect electronic wallets. A novel security model for L2RS-CS is also formalised to capture the security and privacy requirements for protecting transactions in blockchain cryptocurrency protocols such as RingCT. To address key-generation security concerns, and to support compression of keys and signatures, L2RS-CS incorporates a distributed key generation along with a solid public-key aggregation. Finally, we prove the security of our constructed L2RS-CS in the random oracle model under the standard lattice-based Module-SIS hardness assumption.
