Xianping Mao,Kefei Chen,Liangliang Wang,Yu Long

DOI: https://doi.org/10.1109/incos.2014.41

2014-01-01

Abstract:Fair exchange is essential in E-commerce, and concurrent signature realizes the fair exchange of digital signatures with removing the requirement of a trusted third party. Multi-party concurrent signature is an extension to the multi-user scenario. The security of existing multi-party concurrent signatures is mostly based on traditional hard problems that could be solved efficiently with quantum algorithms in a post-quantum world. Meanwhile, the lattice-based cryptography is considered to be resistant to quantum attack. Wang et al. proposed a lattice-based multi-party concurrent signature. We give the analysis of their proposed signature scheme and find that it is not secure since an inside adversary can forge the signature. Moreover, the initial signer can produce any signatures, instead of a signature on the original messages, if he is malicious.

Fengxia Liu,Zhiyong Zheng,Zixian Gong,Kun Tian,Yi Zhang,Zhe Hu,Jia Li,Qun Xu

DOI: https://doi.org/10.1186/s42400-023-00198-1

2024-04-04

Abstract:Lattice-based digital signature has become one of the widely recognized post-quantum algorithms because of its simple algebraic operation, rich mathematical foundation and worst-case security, and also an important tool for constructing cryptography. This survey explores lattice-based digital signatures, a promising post-quantum resistant alternative to traditional schemes relying on factoring or discrete logarithm problems, which face increasing risks from quantum computing. The study covers conventional paradigms like Hash-and-Sign and Fiat-Shamir, as well as specialized applications including group, ring, blind, and proxy signatures. It analyzes the versatility and security strengths of lattice-based schemes, providing practical insights. Each chapter summarizes advancements in schemes, identifying emerging trends. We also pinpoint future directions to deploy lattice-based digital signatures including quantum cryptography.

BaoHong Li,YanZhi Liu,Sai Yang

DOI: https://doi.org/10.1109/icebe.2018.00062

2018-01-01

Abstract:Universal designated verifier signatures can be used to resolve the conflict between authenticity and privacy in some applications. However, all of existing constructions for this primitive are based on hard problems in number theory, and will be ultimately broken in quantum era. To address this issue, we construct the first lattice-based universal designated verifier signatures as a post-quantum candidate for this primitive. Our construction is obtained by directly extending a ring-based variant of the Gentry-Peikert-Vaikuntanathan signature scheme with some additional algorithms, thus the existing key generation and signing implementation can be used without modification. We also show that our construction is provably secure under the Small Integer Solution problem over rings, in the random oracle model.

Miaomiao Tian,Liusheng Huang

DOI: https://doi.org/10.3233/FI-2016-1353

2016-01-01

Fundamenta Informaticae

Abstract:Identity-based signature is an important technique for light-weight authentication. Recently, many efforts have been made to construct identity-based signatures over lattice assumptions since they would remain secure in future quantum age. In this paper we present a new identity-based signature scheme from lattice problems. This scheme is more efficient than other lattice-based identity-based signature schemes in terms of both computation and communication complexities. We prove its security in the random oracle model under short integer solution assumption that is as hard as approximating several worst-case lattice problems. We also extend the scheme to an identity-based message recovery signature scheme that has better performance.

Xiao Zhang,Faguo Wu,Wang Yao,Wenhua Wang,Zhiming Zheng

DOI: https://doi.org/10.32604/cmc.2020.08008

2020-01-01

Abstract:Blockchain is an emerging decentralized architecture and distributed computing paradigm underlying Bitcoin and other cryptocurrencies, and has recently attracted intensive attention from governments, financial institutions, high-tech enterprises, and the capital markets. Its cryptographic security relies on asymmetric cryptography, such as ECC, RSA. However, with the surprising development of quantum technology, asymmetric cryptography schemes mentioned above would become vulnerable. Recently, lattice-based cryptography scheme was proposed to be secure against attacks in the quantum era. In 2018, with the aid of Bonsai Trees technology, Yin et al. [Yin, Wen, Li et al. (2018)] proposed a lattice-based authentication method which can extend a lattice space to multiple lattice spaces accompanied by the corresponding key. Although their scheme has theoretical significance, it is unpractical in actual situation due to extremely large key size and signature size. In this paper, aiming at tackling the critical issue of transaction size, we propose a post quantum blockchain over lattice. By using SampleMat and signature without trapdoor, we can reduce the key size and signature size of our transaction authentication approach by a significant amount. Instead of using a whole set of vectors as a basis, we can use only one vector and rotate it enough times to form a basis. Based on the hardness assumption of Short Integer Solution (SIS), we demonstrate that the proposed anti-quantum transaction authentication scheme over lattice provides existential unforgeability against adaptive chosen-message attacks in the random oracle. As compared to the Yin et al. [Yin, Wen, Li et al. (2018)] scheme, our scheme has better performance in terms of energy consumption, signature size and signing key size. As the underlying lattice problem is intractable even for quantum computers, our scheme would work well in the quantum age.

Miaomiao Tian,Liusheng Huang

DOI: https://doi.org/10.3233/FI-2016-1353

2016-01-01

Fundamenta Informaticae

Abstract:Identity-based signature is an important technique for light-weight authentication. Recently, many efforts have been made to construct identity-based signatures over lattice assumptions since they would remain secure in future quantum age. In this paper we present a new identity-based signature scheme from lattice problems. This scheme is more efficient than other lattice-based identity-based signature schemes in terms of both computation and communication complexities. We prove its security in the random oracle model under short integer solution assumption that is as hard as approximating several worst-case lattice problems. We also extend the scheme to an identity-based message recovery signature scheme that has better performance.

Xian-ping Mao,Ke-fei Chen,Yu Long,Liang-liang Wang

DOI: https://doi.org/10.1007/s12204-014-1516-4

2014-01-01

Abstract:Attribute-based signature is a versatile class of digital signatures. In attribute-based signature, a signer obtains his private key corresponding to the set of his attributes from a trusted authority, and then he can sign a message with any predicate that is satisfied by his attributes set. Unfortunately, there does not exist an attributebased signature which is resistance to the quantum attacks. This means we do not have secure attribute-based signature schemes in a post-quantum world. Based on this consideration, an attribute-based signature on lattices, which could resist quantum attacks, is proposed. This scheme employs “bonsai tree” techniques, and could be proved secure under the hardness assumption of small integer solution problem.

Mingxing Hu,Zhen Liu

2022-01-01

Abstract:Ring signatures enable a user to sign messages on behalf of an arbitrary set of users, called the ring. The anonymity of the scheme guarantees that the signature does not reveal which member of the ring signed the message. The notion of linkable ring signatures (LRS) is an extension of the concept of ring signatures such that there is a public way of determining whether two signatures have been produced by the same signer. Lattice-based LRS is an important and active research line, since lattice-based cryptography has attracted more attention due to its distinctive features especially the quantum resistant. However, all the existing lattice-based LRS relied on random oracle heuristics, i.e., no lattice-based LRS in the standard model has been introduced so far. In this paper, we present a lattice-based LRS scheme based on the wellstudied standard lattice assumptions (SIS and LWE) in the standard model.

Jianhua Yan,Licheng Wang,Lihua Wang,Yixian Yang,Wenbin Yao

DOI: https://doi.org/10.1155/2013/702539

IF: 1.43

2013-01-01

Mathematical Problems in Engineering

Abstract:Signcryption is a cryptographic primitive that can perform digital signature and public encryption simultaneously at a significantly reduced cost. This advantage makes it highly useful in many applications. However, most existing signcryption schemes are seriously challenged by the booming of quantum computations. As an interesting stepping stone in the post-quantum cryptographic community, two lattice-based signcryption schemes were proposed recently. But both of them were merely proved to be secure in the random oracle models. Therefore, the main contribution of this paper is to propose a new lattice-based signcryption scheme that can be proved to be secure in the standard model.

李保红,牛慧芳,赵银亮

DOI: https://doi.org/10.3321/j.issn:0253-987x.2009.12.010

2009-01-01

Abstract:Aiming at the problem of fair exchange of digital signatures,a scheme of revocable concurrent signatures is proposed.In the step of signing,the signer chooses a piece of special information named keystone.The one-way function is then used to compute the keystone footprint,and then the encryption of the signer's public key is obtained by raising the keystone footprint to the power of his secret key.The keystone footprints are computed once more from the released keystones after the exchange of signatures,and each signer's public key is raised to the power of the keystone footprint.Then the identities of signers are recognized by comparing the results with the encryptions of the public keys produced in the step of signing,and the ambiguity of signatures can be revoked.Compared with traditional concurrent signatures schemes,the proposed scheme can avoid various attacks.Moreover,when a pair of revocable concurrent signatures is produced,only one keystone is required so that exchange protocols are simplified.It has been verified in a concrete construction that the proposed scheme is secure in the random oracle model under the decisional Diffie-Hellman assumption and the discrete logarithms assumption.

liusheng huang,miaomiao tian

DOI: https://doi.org/10.1002/sec.1105

IF: 1.968

2014-01-01

Security and Communication Networks

Abstract:Certificateless signature and certificate-based signature are two attractive replacements of regular signature and identity-based signature because they can alleviate the vexing certificate management problem in regular signatures and can also eliminate the inherent key escrow problem in identity-based signatures. Although a number of certificateless signatures and certificate-based signatures from bilinear pairings have been proposed, their lattice-based counterparts still remain unrealized. In this paper, we present the first constructions of certificateless signature and certificate-based signature from lattices. Both constructions are proven to be secure in the random oracle model under conventional small integer solution assumption that is as hard as approximating several standard lattice problems. Copyright (c) 2014 John Wiley & Sons, Ltd.

Zhenhua Liu,Yupu Hu,Xiangsong Zhang,Fagen Li

DOI: https://doi.org/10.1002/sec.531

IF: 1.968

2012-01-01

Security and Communication Networks

Abstract:ABSTRACTAn identity‐based signature scheme from lattices is constructed. The scheme is obtained from a modification of Agrawal, Boneh, and Boyen's lattice identity‐based encryption scheme. In this construction, we use two distinct trapdoors for finding short bases. One trapdoor enables the real implementation to generate short bases for all lattices. The other trapdoor enables the simulator to generate short bases for all lattices. Furthermore, the generating short bases are used to sample short vectors as signatures. Our scheme is computationally efficient. The scheme's strong unforgeability is proven in the standard model and rests on the hardness of the small integer solution problem. Finally, we extend the basic construction to obtain a hierarchical identity‐based signature scheme. Copyright © 2012 John Wiley & Sons, Ltd.

Heng Guo,Kun Tian,Feng Liu,Zhiyong Zheng

2024-12-02

Abstract:At present, in lattice-based linearly homomorphic signature schemes, especially under the standard model, there are very few schemes with tight security. This paper constructs the first lattice-based linearly homomorphic signature scheme that achieves tight security against existential unforgeability under chosen-message attacks (EUF-CMA) in the standard model. Furthermore, among existing schemes, the scheme proposed in this paper also offers certain advantages in terms of public key size, signature length, and computational cost.

Cryptography and Security,Information Theory

Mingxing Hu,Weijiong Zhang,Zhen Liu

DOI: https://doi.org/10.48550/arXiv.2206.12093

2022-06-24

Abstract:Ring signatures enable a user to sign messages on behalf of an arbitrary set of users, called the ring, without revealing exactly which member of that ring actually generated the signature. The signer-anonymity property makes ring signatures have been an active research topic. Recently, Park and Sealfon (CRYPTO 19) presented an important anonymity notion named signer-unclaimability and constructed a lattice-based ring signature scheme with unclaimable anonymity in the standard model, however, it did not consider the unforgeable w.r.t. adversarially-chosen-key attack (the public key ring of a signature may contain keys created by an adversary) and the signature size grows quadratically in the size of ring and message. In this work, we propose a new lattice-based ring signature scheme with unclaimable anonymity in the standard model. In particular, our work improves the security and efficiency of Park and Sealfons work, which is unforgeable w.r.t. adversarially-chosen-key attack, and the ring signature size grows linearly in the ring size.

Cryptography and Security

Bao-Hong Li,Guoqing Xu,Yin-Liang Zhao

DOI: https://doi.org/10.1145/3078564.3078576

2017-01-01

Abstract:This paper1 introduces the notion of attribute-based concurrent signatures. This primitive can be considered as an interesting extension of concurrent signatures in the attribute-based setting. It allows two parties fairly exchange their signatures only if each of them has convinced the opposite party possesses certain attributes satisfying a given signing policy. Due to this new feature, this primitive can find useful applications in online contract signing, electronic transactions and so on. We formalize this notion and present a construction which is secure in the random oracle model under the Strong Diffie-Hellman assumption and the eXternal Diffie-Hellman assumption.

Yan Xu,Miaomiao Tian,Liusheng Huang,Wei Yang

2014-01-01

Abstract:Recently, Boyen at PKC 2010 proposed a lattice-based signature scheme in the standard model. In this paper, we show that his signature scheme does not satisfy strong unforgeability. In other words, an adversary can produce a new signature for a message M after seeing a signature of the message M. Then we present an improved scheme and prove that the improved scheme satisfies strong unforgeability. Furthermore, the improved signature scheme is as efficient as Boyen’s signature scheme.

Wen Gao,Liqun Chen,Yupu Hu,Christopher J. P. Newton,Baocang Wang,Jiangshan Chen

DOI: https://doi.org/10.1007/s10207-018-0417-1

2018-08-20

International Journal of Information Security

Abstract:In cryptography, a ring signature is anonymous as it hides the signer’s identity among other users. When generating the signature, the users are arranged as a ring. Compared with group signatures, a ring signature scheme needs no group manager or special setup and supports flexibility of group choice. However, the anonymity provided by ring signatures can be used to conceal a malicious signer and put other ring members under suspicion. At the other extreme, it does not allow the actual signer to prove their identity and gain recognition for their actions. A deniable ring signature is designed to overcome these disadvantages. It can initially protect the signer, but if necessary, it enables other ring members to deny their involvement, and allows the real signer to prove who made the signed action. Many real-world applications can benefit from such signatures. Inspired by the requirement for them to remain viable in the post-quantum age, this work proposes a new non-interactive deniable ring signature scheme based on lattice assumptions. Our scheme is proved to be anonymous, traceable and non-frameable under quantum attacks.

computer science, information systems, theory & methods, software engineering

Min Wang,Gui-Lu Long

DOI: https://doi.org/10.1007/s11432-024-4177-5

2024-11-10

Science China Information Sciences

Abstract:Access authentication scheme plays a foundational role in ensuring the security of communication networks. However, an access authentication scheme with high security and efficiency is still lacking in quantum communication networks. In this paper, we propose a lattice-based access authentication scheme for quantum communication networks in the manner of real-time interaction with the network control center, which could achieve properties of mutual authentication, conditional anonymity, data confidentiality, unforgeability, undeniability, and data integrity. We utilize the digital signature algorithm CRYSTALS-Dilithium and the key-establishment algorithm CRYSTALS-KYBER, both of which have been selected for standardization by the National Institute of Standards and Technology, to realize secure access authentication for users of the quantum communication networks. Specifically, in the quantum secure direct communication network, key-establishment is replaced by the verification of signatures encoded in quantum states. Our results demonstrate the feasibility of establishing a quantum-secure communication network.

computer science, information systems,engineering, electrical & electronic

Leixiao Cheng,Boru Gong,Yunlei Zhao

2018-01-01

Abstract:Given the current research status in lattice-based cryptography, it is commonly suggested that lattice-based signature could be subtler and harder to achieve. Among them, Dilithium [DLL+17, LDK+17] is one of the most promising signature candidates for the postquantum era, for its simplicity, efficiency, small public key size, and resistance against side channel attacks. The design of Dilithium is based on a list of pioneering works (e.g., [Lyu09, Lyu12, BG14]), and has very remarkable performance by very careful and comprehensive optimizations in implementation and parameter selection. Whether better trade-offs on the already remarkable performance of Dilithium can be made is left in [CRYSTALS] as an interesting open question. In this work, we provide new insights in interpreting the design of Dilithium, in terms of key consensus previously proposed in the literature for key encapsulation mechanisms (KEM) and key exchange (KEX). Based on the deterministic version of the optimal key consensus with noise (OKCN) mechanism, originally developed in [JZ16] for KEM/KEX, we present signature from key consensus with noise (SKCN), which could be viewed as generalization and optimization of Dilithium. The construction of SKCN is generic, modular and flexible, which in particular allows a much broader range of parameters for searching better tradeoffs among security, computational efficiency, and bandwidth. For example, on the recommended parameters, compared with Dilithium our SKCN scheme is more efficient both in computation and in bandwidth, while preserving the same level of post-quantum security. In addition, using the same routine of OKCN for both KEM/KEX and digital signature eases (hardware) implementation and deployment in practice, and is useful to simplify the system complexity of lattice-based cryptography in general.

Hong Zhao,Yan-yan Han,Shuhan Yu,Kaili Dou

DOI: https://doi.org/10.1117/12.2685750

2023-08-15

Abstract:The certificateless cryptography solves the certificate management and key escrow problems in the Internet of Things. However, these schemes are no longer safe in the quantum environment. Lattice cryptography has become the main method to solve quantum security. At present, only a few lattice-based certificateless signature schemes have been proposed and the use of the trapdoor function limits the efficiency of the lattice cryptography, and the security of these schemes can only reach existential unforgeability. We construct a lattice-based certificateless signature scheme based on Lyubashevsky's signature scheme. The security of our scheme can reach strong unforgeability and the computational efficiency of our scheme is lower than the previous schemes.

Computer Science,Engineering