A code-based signature scheme from the Lyubashevsky framework

Abstract We propose a new method to construct a code-based signature scheme following Lyubashevsky's lattice-based framework. Our technique ensures that the Hamming weight of each row of the private key matrix is below the GV bound, rather than being a fixed weight. Our scheme generates signatures whose maximum Hamming weight is below the GV bound of random linear codes having the public key matrix as parity-check matrix. We argue that our scheme resists the existing attacks on code-based signatures. We provide a detailed security analysis and prove that our scheme is existentially unforgeable under adaptive chosen-message attacks (EUF-CMA) in the random oracle model, by exploiting and extending code-based hard problems. Our scheme enjoys a shorter signature size than the Durandal signature scheme (EUROCRYPT 2019) and the Wave signature scheme (ASIACRYPT 2019) at the 128-bit security level. We also show that there is a generic method to construct Weight Restricted Hash (WRH) functions, which produce hash values of a given Hamming weight.
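As an added illustration (not code from the paper), the two notions the abstract relies on, the GV bound of a random binary [n, k] code and a weight-restricted hash, in Python. The GV convention used here (largest weight w whose Hamming ball has at most 2^(n-k) points) and the hash-to-constant-weight construction are assumptions for the example; the paper's own WRH construction is not described on this page.

```python
import hashlib
from math import comb

def gv_bound(n: int, k: int) -> int:
    """Gilbert-Varshamov distance of a random binary [n, k] code.
    Convention assumed here: the largest w with sum_{i<=w} C(n, i) <= 2^(n-k),
    i.e. the weight below which a random syndrome of an (n-k) x n parity-check
    matrix is expected to have at most one preimage."""
    limit = 1 << (n - k)
    total, w = 0, -1
    while total + comb(n, w + 1) <= limit:
        w += 1
        total += comb(n, w)
    return w

def hamming_weight(vec) -> int:
    return sum(1 for b in vec if b)

def rows_below_gv(rows, k: int) -> bool:
    """Check the abstract's private-key condition: every row of the matrix
    has weight strictly below the GV bound of the code with n-k parity checks."""
    n = len(rows[0])
    d = gv_bound(n, k)
    return all(len(r) == n and hamming_weight(r) < d for r in rows)

def weight_restricted_hash(msg: bytes, n: int, w: int) -> list:
    """Hash msg to a length-n binary vector of Hamming weight exactly w.
    Illustrative construction (assumption, not the paper's method): expand
    SHA-256(msg || counter) into candidate positions, keep those < n, and
    collect w distinct ones; the result is deterministic in msg."""
    if not 0 <= w <= n:
        raise ValueError("weight must lie in [0, n]")
    positions, counter = set(), 0
    nbytes = (n.bit_length() + 7) // 8
    while len(positions) < w:
        digest = hashlib.sha256(msg + counter.to_bytes(4, "big")).digest()
        counter += 1
        for i in range(0, len(digest) - nbytes + 1, nbytes):
            cand = int.from_bytes(digest[i:i + nbytes], "big")
            if cand < n:
                positions.add(cand)
            if len(positions) == w:
                break
    return [1 if i in positions else 0 for i in range(n)]

if __name__ == "__main__":
    print("GV bound of a random [24,12] code:", gv_bound(24, 12))
    print("WRH weight:", hamming_weight(weight_restricted_hash(b"msg", 24, 4)))
```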
