Lattice-based message recovery signature schemes

A message recovery signature scheme is a useful kind of signature scheme in which verification does not require the message to be appended to the signature, because the message can be recovered from the signature itself. Although message recovery signatures based on conventional number-theoretic problems have been achieved, it was still unknown whether message recovery signatures can be built from lattices, which are receiving considerable attention in the cryptographic community because they resist attacks by quantum computers. This paper gives a positive answer to that question by presenting two concrete lattice-based message recovery signature schemes. Both schemes build on the efficient lattice-based signature scheme recently created by Lyubashevsky and presented at EUROCRYPT 2012. Our constructions are proved secure in the random oracle model under the short integer solution assumption. Compared with Lyubashevsky's signature scheme, our schemes are more efficient in terms of communication overhead.
