Short Signatures with Short Public Keys from Homomorphic Trapdoor Functions

We present a lattice-based stateless signature scheme provably secure in the standard model. Our scheme has a constant number of matrices in the public key and a single lattice vector (plus a tag) in the signatures. The best previous lattice-based encryption schemes were the scheme of Ducas and Micciancio (CRYPTO 2014), which required a logarithmic number of matrices in the public key and that of Bohl et. al (J. of Cryptology 2014), which required a logarithmic number of lattice vectors in the signature. Our main technique involves using fully homomorphic computation to compute a degree \(d\) polynomial over the tags hidden in the matrices in the public key. In the scheme of Ducas and Micciancio, only functions linear over the tags in the public key matrices were used, which necessitated having \(d\) matrices in the public key.

[1]  Léo Ducas,et al.  Improved Short Lattice Signatures in the Standard Model , 2014, CRYPTO.

[2]  Kaoru Kurosawa,et al.  Public-Key Cryptography – PKC 2013 , 2013, Lecture Notes in Computer Science.

[3]  Ran Canetti,et al.  Advances in Cryptology – CRYPTO 2013 , 2013, Lecture Notes in Computer Science.

[4]  Vinod Vaikuntanathan,et al.  Lattice-based FHE as secure as PKE , 2014, IACR Cryptol. ePrint Arch..

[5]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[6]  Cynthia Dwork,et al.  A public-key cryptosystem with worst-case/average-case equivalence , 1997, STOC '97.

[7]  Vadim Lyubashevsky,et al.  Lattice Signatures Without Trapdoors , 2012, IACR Cryptol. ePrint Arch..

[8]  Chris Peikert,et al.  Faster Bootstrapping with Polynomial Error , 2014, CRYPTO.

[9]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[10]  Tibor Jager,et al.  Confined Guessing: New Signatures From Standard Assumptions , 2014, Journal of Cryptology.

[11]  Brent Waters,et al.  Short and Stateless Signatures from the RSA Assumption , 2009, CRYPTO.

[12]  Brent Waters,et al.  Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions , 2009, IACR Cryptol. ePrint Arch..

[13]  Kenneth G. Paterson Advances in Cryptology - EUROCRYPT 2011 - 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tallinn, Estonia, May 15-19, 2011. Proceedings , 2011, EUROCRYPT.

[14]  Craig Gentry,et al.  Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE and Compact Garbled Circuits , 2014, EUROCRYPT.

[15]  Henri Gilbert,et al.  Advances in Cryptology - EUROCRYPT 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Monaco / French Riviera, May 30 - June 3, 2010. Proceedings , 2010, EUROCRYPT.

[16]  Shi Bai,et al.  An Improved Compression Technique for Signatures Based on Learning with Errors , 2014, CT-RSA.

[17]  Craig Gentry,et al.  Trapdoors for hard lattices and new cryptographic constructions , 2008, IACR Cryptol. ePrint Arch..

[18]  Brent Waters,et al.  Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based , 2013, CRYPTO.

[19]  Vinod Vaikuntanathan,et al.  Efficient Fully Homomorphic Encryption from (Standard) LWE , 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[20]  Daniele Micciancio,et al.  Asymptotically Efficient Lattice-Based Digital Signatures , 2018, Journal of Cryptology.

[21]  Elisabeth Oswald,et al.  Advances in Cryptology – EUROCRYPT 2014 , 2014, Lecture Notes in Computer Science.

[22]  Dan Boneh,et al.  Efficient Lattice (H)IBE in the Standard Model , 2010, EUROCRYPT.

[23]  Aggelos Kiayias,et al.  Multi-query Computationally-Private Information Retrieval with Constant Communication Rate , 2010, Public Key Cryptography.

[24]  Daniele Micciancio,et al.  Worst-case to average-case reductions based on Gaussian measures , 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[25]  Benny Pinkas,et al.  Secure Two-Party Computation is Practical , 2009, IACR Cryptol. ePrint Arch..

[26]  Léo Ducas,et al.  Lattice Signatures and Bimodal Gaussians , 2013, IACR Cryptol. ePrint Arch..

[27]  Patrick Schaumont,et al.  Cryptographic Hardware and Embedded Systems – CHES 2012 , 2012, Lecture Notes in Computer Science.

[28]  Emmanuela Orsini,et al.  Dishonest Majority Multi-Party Computation for Binary Circuits , 2014, IACR Cryptol. ePrint Arch..

[29]  Shai Halevi Advances in Cryptology - CRYPTO 2009, 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2009. Proceedings , 2009, CRYPTO.

[30]  Kenneth G. Paterson,et al.  Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation , 2012, IACR Cryptol. ePrint Arch..

[31]  Elisabeth Oswald,et al.  The Myth of Generic DPA...and the Magic of Learning , 2014, CT-RSA.

[32]  Jeffrey Shallit,et al.  Algorithmic Number Theory , 1996, Lecture Notes in Computer Science.

[33]  Keita Xagawa,et al.  Improved (Hierarchical) Inner-Product Encryption from Lattices , 2013, Public Key Cryptography.

[34]  Ron Steinfeld,et al.  Making NTRU as Secure as Worst-Case Problems over Ideal Lattices , 2011, EUROCRYPT.

[35]  Yehuda Lindell,et al.  More Efficient Constant-Round Multi-Party Computation from BMR and SHE , 2016, IACR Cryptol. ePrint Arch..

[36]  Miklós Ajtai,et al.  Generating Hard Instances of Lattice Problems , 1996, Electron. Colloquium Comput. Complex..

[37]  David Cash,et al.  Bonsai Trees, or How to Delegate a Lattice Basis , 2010, Journal of Cryptology.

[38]  Joseph H. Silverman,et al.  NTRU: A Ring-Based Public Key Cryptosystem , 1998, ANTS.

[39]  Tim Güneysu,et al.  Practical Lattice-Based Cryptography: A Signature Scheme for Embedded Systems , 2012, CHES.

[40]  Daniel Wichs,et al.  Leveled Fully Homomorphic Signatures from Standard Lattices , 2015, IACR Cryptol. ePrint Arch..

[41]  Xavier Boyen,et al.  Lattice Mixing and Vanishing Trapdoors A Framework for Fully Secure Short Signatures and more , 2010 .

[42]  Chris Peikert,et al.  Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller , 2012, IACR Cryptol. ePrint Arch..

[43]  Daniele Micciancio Generalized Compact Knapsacks, Cyclic Lattices, and Efficient One-Way Functions , 2007, computational complexity.

[44]  Vadim Lyubashevsky,et al.  Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures , 2009, ASIACRYPT.