Towards Practical Lattice-Based One-Time Linkable Ring Signatures

Ring signatures, as introduced by Rivest, Shamir, and Tauman (Asiacrypt ’01), allow a signature for a message to be generated on behalf of an ad-hoc set of parties. To sign a message, only the public keys must be known, and these can be generated independently. Furthermore, it is not possible to identify the actual signer from the signature. Ring signatures have recently gained attention due to their applicability in the construction of practical anonymous cryptocurrencies, where they are used to secure transactions while hiding the identity of the actual spender. To be applicable in that setting, ring signatures must make it possible to determine when a party has signed multiple transactions, which is done using a property called linkability.
