Short Lattice Signatures in the Standard Model with Efficient Tag Generation

We propose new short signature schemes under the ring-SIS assumption in the standard model. Specifically, by revisiting an existing construction in [Ducas and Micciancio, CRYPTO 2014], we demonstrate efficient lattice-based signatures with improved tag generation. We firstly construct a scheme under mild security condition that is existentially unforgeable against random message attack with auxiliary information. We then convert the mildly secure scheme to a fully secure scheme by applying a trapdoor commitment scheme. Our schemes enable the generation of tags from messages and the collision of multiple tags, which improves reduction loss. Our schemes have short signature sizes of O(1) and achieves tighter reduction loss than that of Ducas et al.’s scheme. In accordance with two kinds of parameter set for tag generation, we get two signature schemes with different properties of reduction loss and verification key size. One of our schemes has tighter reduction and as the same size verification key of \(O(\log n)\) as that of Ducas et al.’s scheme, where n is the security parameter. Another scheme achieves much tighter reduction loss of \(O(\frac{Q}{n})\) for the sake of verification size of O(n), where Q is the number of signing queries.

[1]  Miklós Ajtai,et al.  Generating hard instances of lattice problems (extended abstract) , 1996, STOC '96.

[2]  Tibor Jager,et al.  Waters Signatures with Optimal Security Reduction , 2012, Public Key Cryptography.

[3]  Ryo Nishimaki,et al.  Constant-Size Structure-Preserving Signatures: Generic Constructions and Simple Assumptions , 2015, Journal of Cryptology.

[4]  David Cash,et al.  Bonsai Trees, or How to Delegate a Lattice Basis , 2010, EUROCRYPT.

[5]  Cynthia Dwork,et al.  A public-key cryptosystem with worst-case/average-case equivalence , 1997, STOC '97.

[6]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[7]  Peter W. Shor,et al.  Algorithms for quantum computation: discrete logarithms and factoring , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[8]  Daniele Micciancio Generalized Compact Knapsacks, Cyclic Lattices, and Efficient One-Way Functions , 2007, computational complexity.

[9]  Eike Kiltz,et al.  Tightly-Secure Signatures from Chameleon Hash Functions , 2015, Public Key Cryptography.

[10]  Tibor Jager,et al.  Practical Signatures from Standard Assumptions , 2013, EUROCRYPT.

[11]  Chris Peikert,et al.  SWIFFT: A Modest Proposal for FFT Hashing , 2008, FSE.

[12]  Miklós Ajtai,et al.  Generating Hard Instances of Lattice Problems , 1996, Electron. Colloquium Comput. Complex..

[13]  Keisuke Tanaka,et al.  Concurrently Secure Identification Schemes Based on the Worst-Case Hardness of Lattice Problems , 2008, ASIACRYPT.

[14]  Xavier Boyen,et al.  Lattice Mixing and Vanishing Trapdoors A Framework for Fully Secure Short Signatures and more , 2010 .

[15]  Chris Peikert,et al.  Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller , 2012, IACR Cryptol. ePrint Arch..

[16]  Ivan Damgård,et al.  Efficient Concurrent Zero-Knowledge in the Auxiliary String Model , 2000, EUROCRYPT.

[17]  Xavier Boyen,et al.  Towards Tightly Secure Lattice Short Signature and Id-Based Encryption , 2016, ASIACRYPT.

[18]  Craig Gentry,et al.  Trapdoors for hard lattices and new cryptographic constructions , 2008, IACR Cryptol. ePrint Arch..

[19]  Daniele Micciancio,et al.  Asymptotically Effi cient Lattice-Based Digital Signatures , 2008, IACR Cryptol. ePrint Arch..

[20]  Léo Ducas,et al.  Improved Short Lattice Signatures in the Standard Model , 2014, CRYPTO.

[21]  Jacob Alperin-Sheriff Short Signatures with Short Public Keys from Homomorphic Trapdoor Functions , 2015, Public Key Cryptography.