Lattice-Based Blind Signatures, Revisited

We observe that all previously known lattice-based blind signature schemes contain subtle flaws in their security proofs (e.g., Rückert, ASIACRYPT ’08) or can be attacked (e.g., BLAZE by Alkadri et al., FC ’20). Motivated by this, we revisit the problem of constructing blind signatures from standard lattice assumptions.

[1] Amit Sahai et al. Round Optimal Blind Signatures, 2011, CRYPTO.

[2] Marc Fischlin et al. Round-Optimal Composable Blind Signatures in the Common Reference String Model, 2006, CRYPTO.

[3] Phong Q. Nguyen et al. BKZ 2.0: Better Lattice Security Estimates, 2011, ASIACRYPT.

[4] Vadim Lyubashevsky et al. Short, Invertible Elements in Partially Splitting Cyclotomic Rings and Applications to Lattice-Based Zero-Knowledge Proofs, 2018, EUROCRYPT.

[5] Jan Camenisch et al. Compact E-Cash, 2005, EUROCRYPT.

[6] Chanathip Namprempre et al. From Identification to Signatures via the Fiat-Shamir Transform: Minimizing Assumptions for Security and Forward-Security, 2002, EUROCRYPT.

[7] Alistair Sinclair et al. The Extended k-tree Algorithm, 2009.

[8] Jacques Stern et al. Security Arguments for Digital Signatures and Blind Signatures, 2015, Journal of Cryptology.

[9] Yupu Hu et al. Identity-based blind signature from lattices, 2017, Wuhan University Journal of Natural Sciences.

[10] Markus Rückert et al. Lattice-based Blind Signatures, 2010, Algorithms and Number Theory.

[11] Ngoc Khanh Nguyen. On the Non-Existence of Short Vectors in Random Module Lattices, 2019, IACR Cryptol. ePrint Arch.

[12] Anna Lysyanskaya et al. Anonymous credentials light, 2013, IACR Cryptol. ePrint Arch.

[13] Rachid El Bansarkhani et al. On Lattice-Based Interactive Protocols with Aborts, 2020, IACR Cryptol. ePrint Arch.

[14] Anna Lysyanskaya et al. On the Security of One-Witness Blind Signature Schemes, 2013, ASIACRYPT.

[15] Jan Camenisch et al. An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation, 2001, IACR Cryptol. ePrint Arch.

[16] Willy Susilo et al. A Blind Signature from Module Latices, 2019, 2019 IEEE Conference on Dependable and Secure Computing (DSC).

[17] David Chaum et al. Blind Signatures for Untraceable Payments, 1982, CRYPTO.

[18] Amos Fiat et al. Untraceable Electronic Cash, 1990, CRYPTO.

[19] Nicolas Gama et al. Predicting Lattice Reduction, 2008, EUROCRYPT.

[20] Yupu Hu et al. Identity-Based Blind Signature from Lattices in Standard Model, 2016, Inscrypt.

[21] Tatsuaki Okamoto et al. Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes, 1992, CRYPTO.

[22] Hovav Shacham et al. Randomizable Proofs and Delegatable Anonymous Credentials, 2009, CRYPTO.

[23] Francisco Rodríguez-Henríquez et al. Yet another improvement over the Mu-Varadharajan e-voting protocol, 2007, Comput. Stand. Interfaces.

[24] Masayuki Abe et al. A Secure Three-Move Blind Signature Scheme for Polynomially Many Signatures, 2001, EUROCRYPT.

[25] Damien Stehlé et al. Worst-case to average-case reductions for module lattices, 2014, Designs, Codes and Cryptography.

[26] Rafail Ostrovsky et al. Security of blind digital signatures, 1997.

[27] Marc Fischlin et al. Security of Blind Signatures under Aborts, 2009, Public Key Cryptography.

[28] Chris Peikert et al. Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices, 2006, TCC.

[29] Eike Kiltz et al. A Modular Treatment of Blind Signatures from Identification Schemes, 2019, IACR Cryptol. ePrint Arch.

[30] Liang Chen et al. Hierarchical ID-Based Blind Signature from Lattices, 2011, CIS.

[31] Georg Fuchsbauer et al. Practical Round-Optimal Blind Signatures in the Standard Model, 2015, IACR Cryptol. ePrint Arch.

[32] Rafail Ostrovsky et al. Security of Blind Digital Signatures (Extended Abstract), 1997, CRYPTO.

[33] Dieter Gollmann et al. A New Blind ECDSA Scheme for Bitcoin Transaction Anonymity, 2019, IACR Cryptol. ePrint Arch.

[34] Chen Liang et al. Hierarchical ID-Based Blind Signature from Lattices, 2011, 2011 Seventh International Conference on Computational Intelligence and Security.

[35] Jacques Stern et al. New blind signatures equivalent to factorization (extended abstract), 1997, CCS '97.

[36] Rachid El Bansarkhani et al. BLAZE: Practical Lattice-Based Blind Signatures for Privacy-Preserving Applications, 2020, IACR Cryptol. ePrint Arch.

[37] Mihir Bellare et al. Code-Based Game-Playing Proofs and the Security of Triple Encryption, 2004, IACR Cryptol. ePrint Arch.

[38] Jacques Stern et al. Security Proofs for Signature Schemes, 1996, EUROCRYPT.

[39] David A. Wagner et al. A Generalized Birthday Problem, 2002, CRYPTO.

[40] Mihir Bellare et al. Multi-signatures in the plain public-key model and a general forking lemma, 2006, CCS '06.

[41] Stefan A. Brands et al. Untraceable Off-line Cash in Wallet with Observers, 2002.

[42] David Pointcheval et al. Strengthened Security for Blind Signatures, 1998, EUROCRYPT.

[43] Phillip Rogaway et al. Formalizing Human Ignorance, 2006, VIETCRYPT.

[44] Tatsuaki Okamoto et al. Universal Electronic Cash, 1992.

[45] Lili Zhang et al. A Lattice-Based Identity-Based Proxy Blind Signature Scheme in the Standard Model, 2014.

[46] Tatsuaki Okamoto et al. Provably Secure Partially Blind Signatures, 2000, CRYPTO.

[47] Alexandra Boldyreva et al. Efficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-Group signature scheme, 2002.

[48] Claus-Peter Schnorr et al. Efficient signature generation by smart cards, 2004, Journal of Cryptology.

[49] Vadim Lyubashevsky et al. Lattice Signatures Without Trapdoors, 2012, IACR Cryptol. ePrint Arch.

[50] Tatsuaki Okamoto et al. Efficient Blind and Partially Blind Signatures Without Random Oracles, 2006, IACR Cryptol. ePrint Arch.

[51] Abhi Shelat et al. Simulatable Adaptive Oblivious Transfer, 2007, EUROCRYPT.

[52] Jacques Stern et al. Provably Secure Blind Signature Schemes, 1996, ASIACRYPT.

[53] Jonathan Katz et al. Impossibility of Blind Signatures from One-Way Permutations, 2011, TCC.

[54] Liehuang Zhu et al. A round-optimal lattice-based blind signature scheme for cloud services, 2017, Future Gener. Comput. Syst.

[55] Mihir Bellare et al. The Fiat-Shamir Zoo: Relating the Security of Different Signature Variants, 2018, IACR Cryptol. ePrint Arch.

[56] Dominique Unruh et al. Security of Blind Signatures Revisited, 2012, Journal of Cryptology.

[57] Nico Döttling et al. Two-Message, Oblivious Evaluation of Cryptographic Functionalities, 2016, CRYPTO.

[58] Vadim Lyubashevsky et al. Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures, 2009, ASIACRYPT.

[59] Mihir Bellare et al. GQ and Schnorr Identification Schemes: Proofs of Security against Impersonation under Active and Concurrent Attacks, 2002, CRYPTO.

[60] Marc Fischlin et al. On the Impossibility of Three-Move Blind Signature Schemes, 2010, EUROCRYPT.

[61] Sébastien Canard et al. Lattice-based (Partially) Blind Signature without Restart, 2020, IACR Cryptol. ePrint Arch.

[62] Daniele Micciancio et al. Generalized Compact Knapsacks Are Collision Resistant, 2006, ICALP.

[63] Alistair Sinclair et al. The Extended k-tree Algorithm, 2011, Journal of Cryptology.

[64] Dimitrios Hristu-Varsakelis et al. Leakage-resilient lattice-based partially blind signatures, 2019, IET Inf. Secur.

[65] Claus-Peter Schnorr et al. Security of Blind Discrete Log Signatures against Interactive Attacks, 2001, ICICS.

[66] Sanjam Garg et al. Efficient Round Optimal Blind Signatures, 2014, IACR Cryptol. ePrint Arch.