Published in: Journal of Cryptology 2/2022

01.04.2022 | Research Article

Two-Round n-out-of-n and Multi-Signatures and Trapdoor Commitment from Lattices

Authors: Ivan Damgård, Claudio Orlandi, Akira Takahashi, Mehdi Tibouchi



Abstract

Although they have been studied for a long time, distributed signature protocols have garnered renewed interest in recent years in view of novel applications to topics like blockchains. Most recent works have focused on distributed versions of ECDSA or variants of Schnorr signatures; however, and in particular, little attention has been given to constructions based on post-quantum secure assumptions like the hardness of lattice problems. A few lattice-based threshold signature and multi-signature schemes have been proposed in the literature, but they either rely on hash-and-sign lattice signatures (which tend to be comparatively inefficient), use expensive generic transformations, or only come with incomplete security proofs. In this paper, we construct several lattice-based distributed signing protocols with low round complexity following the Fiat–Shamir with Aborts (FSwA) paradigm of Lyubashevsky (Asiacrypt 2009). Our protocols can be seen as distributed variants of the fast Dilithium-G signature scheme and the full security proof can be made assuming the hardness of module SIS and LWE problems. A key step to achieving security (unexplained in some earlier papers) is to prevent the leakage that can occur when parties abort after their first message—which can inevitably happen in the Fiat–Shamir with Aborts setting. We manage to do so using homomorphic commitments. Exploiting the similarities between FSwA and Schnorr-style signatures, our approach makes the most of observations from recent advancements in the discrete log setting, such as Drijvers et al.’s seminal work on two-round multi-signatures (S&P 2019). In particular, we observe that the use of commitment not only resolves the subtle issue with aborts, but also makes it possible to realize secure two-round n-out-of-n distributed signing and multi-signature in the plain public key model, by equipping the commitment with a trapdoor feature. The construction of suitable trapdoor commitment from lattices is a side contribution of this paper.


Footnotes

1. It is still an open question whether the aborts issue can instead be resolved by careful parameter choice, allowing the rejected transcripts to be simulated without any additional assumptions; we are aware of ongoing work in this direction. If the question is answered in the affirmative, our three-round protocol could be proven secure even without a commitment. However, the use of homomorphic commitment is crucial for constructing our new two-round protocols, which is our main contribution.

2. We include this for completeness since, while the three-round protocol itself is not novel, to the best of our knowledge there has been no publicly available complete security proof relying solely on Module-LWE.

3. We remark that the “commitments” generated by \({\mathsf{H}}_1\) and \({\mathsf{H}}_2\) in Fig. 6 are not randomized, and therefore they are not hiding. In our protocol, however, all committed values have high min-entropy, and this is indeed sufficient for the security proof to hold. Alternatively, one could cheaply turn them into full-fledged secure and extractable commitments by additionally hashing random strings that are sent out during the opening phase [80].

4. To be more precise, since the verification bound scales as \(n^{3/2}\), one should also increase q by the same factor to avoid arithmetic overflow. This makes the \(\mathsf{MSIS}\) problem harder, but the \(\mathsf{MLWE}\) problem easier if the dimension is kept unchanged. To keep the same security level, one should therefore also increase N by a factor of \(1+O(\frac{\log n}{\log q_0})\), where \(q_0\) is the value of q in the single-user setting. Therefore, one could in principle argue that the signature size actually scales as \(O(\log^2 n)\). However, one typically chooses \(q_0 > 2^{20}\), and therefore even in settings with billions of parties, \(\frac{\log n}{\log q_0} < 2\). Thus, one can effectively regard N as independent of n.

5. This condition could actually be relaxed somewhat by applying the result due to Nguyen [76].
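Footnote 3 contrasts the unrandomized hash “commitments” (binding but not hiding) with the variant that additionally hashes a random opening string, and notes that the high min-entropy of the committed values is what makes the unrandomized form safe in the protocol. The following Python is an added illustration of that distinction, not code from the paper: the hash function, domain separators, the 16-bit low-entropy candidate space and the 32-byte opening string are constructed choices.

```python
import hashlib
import secrets
from typing import Iterable, Optional, Tuple

# Constructed example (not the paper's code). A deterministic hash "commitment"
# is binding via collision resistance, but it is only hiding if the committed
# value cannot be enumerated; hashing a fresh random opening string alongside
# the value restores hiding regardless of the value's entropy.

DOMAIN_DET = b"commit-deterministic|"   # constructed domain separators
DOMAIN_RND = b"commit-randomized|"


def commit_deterministic(value: bytes) -> bytes:
    """Hash-only commitment com = H(value): no randomness, so anyone who can
    enumerate plausible values can test each one against com."""
    return hashlib.sha256(DOMAIN_DET + value).digest()


def commit_randomized(value: bytes, opening: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Randomized commitment com = H(r || value) with a fresh 256-bit r.
    r is withheld until the opening phase, so com reveals nothing about value
    even when value itself is guessable."""
    if opening is None:
        opening = secrets.token_bytes(32)
    com = hashlib.sha256(DOMAIN_RND + opening + b"|" + value).digest()
    return com, opening


def verify_opening(com: bytes, value: bytes, opening: bytes) -> bool:
    """Opening-phase check: recompute the commitment and compare in constant time."""
    expected, _ = commit_randomized(value, opening)
    return secrets.compare_digest(com, expected)


def recover_by_enumeration(com: bytes, candidates: Iterable[bytes]) -> Optional[bytes]:
    """Test every candidate against a hash-only commitment. This succeeds
    exactly when the committed value lies in the candidate set, i.e. when the
    value space has low min-entropy; it learns nothing about a randomized
    commitment because it does not know r."""
    for cand in candidates:
        if commit_deterministic(cand) == com:
            return cand
    return None


def low_entropy_candidates() -> Iterable[bytes]:
    # Constructed low-entropy value space: every 16-bit value.
    return (v.to_bytes(2, "big") for v in range(1 << 16))


def deterministic_commit_leaks() -> bool:
    """Low-entropy value under the hash-only commitment: enumeration recovers it."""
    secret_value = (12345).to_bytes(2, "big")
    com = commit_deterministic(secret_value)
    return recover_by_enumeration(com, low_entropy_candidates()) == secret_value


def randomized_commit_hides() -> bool:
    """Same low-entropy value, now committed with a random opening string: the
    same enumeration finds nothing, the honest opening verifies, and a wrong
    value does not (binding is preserved)."""
    secret_value = (12345).to_bytes(2, "big")
    com, r = commit_randomized(secret_value)
    leaked = recover_by_enumeration(com, low_entropy_candidates())
    wrong = (54321).to_bytes(2, "big")
    return leaked is None and verify_opening(com, secret_value, r) \
        and not verify_opening(com, wrong, r)


def high_min_entropy_is_enough() -> bool:
    """The footnote's actual setting: the committed value is itself unpredictable
    (here 256 random bits), so even the hash-only commitment cannot be reversed
    by testing a small candidate set."""
    secret_value = secrets.token_bytes(32)
    com = commit_deterministic(secret_value)
    return recover_by_enumeration(com, low_entropy_candidates()) is None


if __name__ == "__main__":
    print("hash-only commitment of low-entropy value leaks:", deterministic_commit_leaks())
    print("randomized commitment of the same value hides it:", randomized_commit_hides())
    print("hash-only commitment of high-min-entropy value is safe:", high_min_entropy_is_enough())
```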
 
References
1. H.K. Alper, J. Burdges, Two-round trip Schnorr multi-signatures via delinearized witnesses. in CRYPTO 2021, Part I, vol. 12825 of LNCS, Virtual Event, (Springer, Heidelberg, 2021), pp. 157–188
2. M. Abe, S. Fehr, Adaptively secure Feldman VSS and applications to universally-composable threshold cryptography. in CRYPTO 2004, vol. 3152 of LNCS, (Springer, Heidelberg, 2004), pp. 317–334
3. M. Abdalla, P.-A. Fouque, V. Lyubashevsky, M. Tibouchi, Tightly secure signatures from lossy identification schemes. Journal of Cryptology, 29(3), 597–631, (2016)
5. G. Barthe, S. Belaïd, T. Espitau, P.-A. Fouque, B. Grégoire, M. Rossi, M. Tibouchi, Masking the GLP lattice-based signature scheme at any order. in EUROCRYPT 2018, Part II, vol. 10821 of LNCS, (Springer, Heidelberg, 2018), pp. 354–384
6. G. Barthe, S. Belaïd, T. Espitau, P.-A. Fouque, M. Rossi, M. Tibouchi, GALACTICS: Gaussian sampling for lattice-based constant-time implementation of cryptographic signatures, revisited. in ACM CCS 2019, (ACM Press, 2019), pp. 2147–2164
7. A. Bagherzandi, J.H. Cheon, S. Jarecki, Multisignatures secure under the discrete logarithm assumption and a generalized forking lemma. in ACM CCS 2008, (ACM Press, 2008), pp. 449–458
8. F. Benhamouda, J. Camenisch, S. Krenn, V. Lyubashevsky, G. Neven, Better zero-knowledge proofs for lattice encryption and their application to group signatures. in ASIACRYPT 2014, Part I, vol. 8873 of LNCS, (Springer, Heidelberg, 2014), pp. 551–572
9. M. Bellare, W. Dai, Chain reductions for multi-signatures and the HBMS scheme. in ASIACRYPT 2021, Part IV, vol. 13093 of LNCS, (Springer, 2021), pp. 650–678
10. M. Bellare, H. Davis, F. Günther, Separate your domains: NIST PQC KEMs, oracle cloning and read-only indifferentiability. in EUROCRYPT 2020, Part II, vol. 12106 of LNCS, (Springer, Heidelberg, 2020), pp. 3–32
11. C. Baum, I. Damgård, V. Lyubashevsky, S. Oechsner, C. Peikert, More efficient commitments from structured lattice assumptions. in SCN 18, vol. 11035 of LNCS, (Springer, Heidelberg, 2018), pp. 368–385
12. D. Boneh, R. Gennaro, S. Goldfeder, A. Jain, S. Kim, P.M.R. Rasmussen, A. Sahai, Threshold cryptosystems from threshold fully homomorphic encryption. in CRYPTO 2018, Part I, vol. 10991 of LNCS, (Springer, Heidelberg, 2018), pp. 565–596
13. F. Benhamouda, S. Krenn, V. Lyubashevsky, K. Pietrzak, Efficient zero-knowledge proofs for commitments from learning with errors over rings. in ESORICS 2015, Part I, vol. 9326 of LNCS, (Springer, Heidelberg, 2015), pp. 305–325
14. R. Bendlin, S. Krehbiel, C. Peikert, How to share a lattice trapdoor: Threshold protocols for signatures and (H)IBE. in ACNS 13, vol. 7954 of LNCS, (Springer, Heidelberg, 2013), pp. 218–236
15. J. Bootle, V. Lyubashevsky, G. Seiler, Algebraic techniques for short(er) exact lattice-based zero-knowledge proofs. in CRYPTO 2019, Part I, vol. 11692 of LNCS, (Springer, Heidelberg, 2019), pp. 176–202
16. M. Bellare, G. Neven, Multi-signatures in the plain public-key model and a general forking lemma. in ACM CCS 2006, (ACM Press, 2006), pp. 390–399
17. K. Boudgoust, A. Roux-Langlois, Compressed linear aggregate signatures based on module lattices. IACR Cryptol. ePrint Arch., p. 263, 2021
18. S. Bettaieb, J. Schrek, Improved lattice-based threshold ring signature scheme. in Post-Quantum Cryptography - 5th International Workshop, PQCrypto 2013, (Springer, Heidelberg, 2013), pp. 34–51
19. G. Castagnos, D. Catalano, F. Laguillaumie, F. Savasta, I. Tucker, Two-party ECDSA from hash proof systems and efficient instantiations. in CRYPTO 2019, Part III, vol. 11694 of LNCS, (Springer, Heidelberg, 2019), pp. 191–221
20. G. Castagnos, D. Catalano, F. Laguillaumie, F. Savasta, I. Tucker, Bandwidth-efficient threshold EC-DSA. in PKC 2020, Part II, vol. 12111 of LNCS, (Springer, Heidelberg, 2020), pp. 266–296
21. R. Canetti, R. Gennaro, S. Goldfeder, N. Makriyannis, U. Peled, UC non-interactive, proactive, threshold ECDSA with identifiable aborts. in ACM CCS 2020, (ACM Press, 2020), pp. 1769–1787
22. D. Cash, D. Hofheinz, E. Kiltz, C. Peikert, Bonsai trees, or how to delegate a lattice basis. in EUROCRYPT 2010, vol. 6110 of LNCS, (Springer, Heidelberg, 2010), pp. 523–552
23. R. Choi, K. Kim, Lattice-based multi-signature with linear homomorphism. in 2016 Symposium on Cryptography and Information Security (SCIS 2016), 2016
24. P. Cayrel, R. Lindner, M. Rückert, R. Silva, A lattice-based threshold ring signature scheme. in LATINCRYPT 2010, vol. 6212 of LNCS, (Springer, 2010), pp. 255–272
25. M. Ciampi, R. Ostrovsky, L. Siniscalchi, I. Visconti, Delayed-input non-malleable zero knowledge and multi-party coin tossing in four rounds. in TCC 2017, Part I, vol. 10677 of LNCS, (Springer, Heidelberg, 2017), pp. 711–742
26. M. Ciampi, R. Ostrovsky, L. Siniscalchi, I. Visconti, Four-round concurrent non-malleable commitments from one-way functions. in CRYPTO 2017, Part II, vol. 10402 of LNCS, (Springer, Heidelberg, 2017), pp. 127–157
27. M. Ciampi, G. Persiano, A. Scafuro, L. Siniscalchi, I. Visconti, Improved OR-composition of sigma-protocols. in TCC 2016-A, Part II, vol. 9563 of LNCS, (Springer, Heidelberg, 2016), pp. 112–141
28. D. Cozzo, N.P. Smart, Sharing the LUOV: Threshold post-quantum signatures. in 17th IMA International Conference on Cryptography and Coding, vol. 11929 of LNCS, (Springer, Heidelberg, 2019), pp. 128–153
29. I. Damgård, Efficient concurrent zero-knowledge in the auxiliary string model. in EUROCRYPT 2000, vol. 1807 of LNCS, (Springer, Heidelberg, 2000), pp. 418–430
30. L. Ducas, A. Durmus, T. Lepoint, V. Lyubashevsky, Lattice signatures and bimodal Gaussians. in CRYPTO 2013, Part I, vol. 8042 of LNCS, (Springer, Heidelberg, 2013), pp. 40–56
31. M. Drijvers, K. Edalatnejad, B. Ford, E. Kiltz, J. Loss, G. Neven, I. Stepanovs, On the security of two-round multi-signatures. in 2019 IEEE Symposium on Security and Privacy, (IEEE Computer Society Press, 2019), pp. 1084–1101
33. I. Damgård, T.P. Jakobsen, J.B. Nielsen, J.I. Pagter, M.B. Østergaard, Fast threshold ECDSA with honest majority. in SCN 20, vol. 12238 of LNCS, (Springer, Heidelberg, 2020), pp. 382–400
34. J. Doerner, Y. Kondi, E. Lee, a. shelat, Secure two-party threshold ECDSA from ECDSA assumptions. in 2018 IEEE Symposium on Security and Privacy, (IEEE Computer Society Press, 2018), pp. 980–997
35. J. Doerner, Y. Kondi, E. Lee, a. shelat, Threshold ECDSA from ECDSA assumptions: The multiparty case. in 2019 IEEE Symposium on Security and Privacy, (IEEE Computer Society Press, 2019), pp. 1051–1066
37. R. del Pino, V. Lyubashevsky, G. Seiler, Lattice-based group signatures and zero-knowledge proofs of automorphism stability. in ACM CCS 2018, (ACM Press, 2018), pp. 574–591
38. L. Ducas, D. Micciancio, Improved short lattice signatures in the standard model. in CRYPTO 2014, Part I, vol. 8616 of LNCS, (Springer, Heidelberg, 2014), pp. 335–352
39. A.P.K. Dalskov, C. Orlandi, M. Keller, K. Shrishak, H. Shulman, Securing DNSSEC keys via threshold ECDSA from generic MPC. in ESORICS 2020, Part II, vol. 12309 of LNCS, (Springer, Heidelberg, 2020), pp. 654–673
40. M.F. Esgin, O. Ersoy, Z. Erkin, Post-quantum adaptor signatures and payment channel networks. in ESORICS 2020, Part II, vol. 12309 of LNCS, (Springer, Heidelberg, 2020), pp. 378–397
41. R. El Bansarkhani, J. Sturm, An efficient lattice-based multisignature scheme with applications to bitcoins. in CANS 16, vol. 10052 of LNCS, (Springer, Heidelberg, 2016), pp. 140–155
42. M.F. Esgin, R. Steinfeld, J.K. Liu, D. Liu, Lattice-based zero-knowledge proofs: New techniques for shorter and faster constructions and applications. in CRYPTO 2019, Part I, vol. 11692 of LNCS, (Springer, Heidelberg, 2019), pp. 115–146
43. M.F. Esgin, R. Steinfeld, A. Sakzad, J.K. Liu, D. Liu, Short lattice-based one-out-of-many proofs and applications to ring signatures. in ACNS 19, vol. 11464 of LNCS, (Springer, Heidelberg, 2019), pp. 67–88
44. M. Fukumitsu, S. Hasegawa, A tightly-secure lattice-based multisignature. in APKC@AsiaCCS 2019, (ACM, 2019), pp. 3–11
45. M. Fukumitsu, S. Hasegawa, A lattice-based provably secure multisignature scheme in quantum random oracle model. in ProvSec 2020, vol. 12505 of LNCS, (Springer, Heidelberg, 2020), pp. 45–64
46. R. Gennaro, S. Goldfeder, Fast multiparty threshold ECDSA with fast trustless setup. in ACM CCS 2018, (ACM Press, 2018), pp. 1179–1194
48. R. Gennaro, S. Goldfeder, A. Narayanan, Threshold-optimal DSA/ECDSA signatures and an application to bitcoin wallet security. in ACNS 16, vol. 9696 of LNCS, (Springer, Heidelberg, 2016), pp. 156–174
49. R. Gennaro, S. Jarecki, H. Krawczyk, T. Rabin, Secure distributed key generation for discrete-log based cryptosystems. Journal of Cryptology, 20(1), 51–83, (2007)
51. T. Güneysu, V. Lyubashevsky, T. Pöppelmann, Practical lattice-based cryptography: A signature scheme for embedded systems. in CHES 2012, vol. 7428 of LNCS, (Springer, Heidelberg, 2012), pp. 530–547
52. N. Genise, D. Micciancio, Faster Gaussian sampling for trapdoor lattices with arbitrary modulus. in EUROCRYPT 2018, Part I, vol. 10820 of LNCS, (Springer, Heidelberg, 2018), pp. 174–203
53. C. Gentry, C. Peikert, V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions. in 40th ACM STOC, (ACM Press, 2008), pp. 197–206
54. C. Gentry, A. Sahai, B. Waters, Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based. in CRYPTO 2013, Part I, vol. 8042 of LNCS, (Springer, Heidelberg, 2013), pp. 75–92
55. S. Gorbunov, V. Vaikuntanathan, D. Wichs, Leveled fully homomorphic signatures from standard lattices. in 47th ACM STOC, (ACM Press, 2015), pp. 469–477
56. N. Howgrave-Graham, A. Joux, New generic algorithms for hard knapsacks. in EUROCRYPT 2010, vol. 6110 of LNCS, (Springer, Heidelberg, 2010), pp. 235–256
57. M. Kansal, R. Dutta, Round optimal secure multisignature schemes from lattice with public key aggregation and signature compression. in AFRICACRYPT 20, vol. 12174 of LNCS, (Springer, Heidelberg, 2020), pp. 281–300
58. C. Komlo, I. Goldberg, FROST: Flexible round-optimized Schnorr threshold signatures. in Selected Areas in Cryptography - SAC 2020, Revised Selected Papers, vol. 12804 of LNCS, (Springer, 2020), pp. 34–65
59. E. Kiltz, V. Lyubashevsky, C. Schaffner, A concrete treatment of Fiat-Shamir signatures in the quantum random-oracle model. in EUROCRYPT 2018, Part III, vol. 10822 of LNCS, (Springer, Heidelberg, 2018), pp. 552–586
61. Y. Lindell, Fast secure two-party ECDSA signing. in CRYPTO 2017, Part II, vol. 10402 of LNCS, (Springer, Heidelberg, 2017), pp. 613–644
62. Y. Lindell, A. Nof, Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody. in ACM CCS 2018, (ACM Press, 2018), pp. 1837–1854
63. B. Libert, K. Nguyen, B.H.M. Tan, H. Wang, Zero-knowledge elementary databases with more expressive queries. in PKC 2019, Part I, vol. 11442 of LNCS, (Springer, Heidelberg, 2019), pp. 255–285
64. V. Lyubashevsky, C. Peikert, O. Regev, A toolkit for ring-LWE cryptography. in EUROCRYPT 2013, vol. 7881 of LNCS, (Springer, Heidelberg, 2013), pp. 35–54
65. V. Lyubashevsky, G. Seiler, Short, invertible elements in partially splitting cyclotomic rings and applications to lattice-based zero-knowledge proofs. in EUROCRYPT 2018, Part I, vol. 10820 of LNCS, (Springer, Heidelberg, 2018), pp. 204–224
67. V. Lyubashevsky, Fiat-Shamir with aborts: Applications to lattice and factoring-based signatures. in ASIACRYPT 2009, vol. 5912 of LNCS, (Springer, Heidelberg, 2009), pp. 598–616
68. V. Lyubashevsky, Lattice signatures without trapdoors. in EUROCRYPT 2012, vol. 7237 of LNCS, (Springer, Heidelberg, 2012), pp. 738–755
70. C. Ma, M. Jiang, Practical lattice-based multisignature schemes for blockchains. IEEE Access, 7, 179765–179778, (2019)
71. S. Micali, K. Ohta, L. Reyzin, Accountable-subgroup multisignatures: Extended abstract. in ACM CCS 2001, (ACM Press, 2001), pp. 245–254
72. D. Micciancio, C. Peikert, Trapdoors for lattices: Simpler, tighter, faster, smaller. in EUROCRYPT 2012, vol. 7237 of LNCS, (Springer, Heidelberg, 2012), pp. 700–718
73. D. Micciancio, C. Peikert, Hardness of SIS and LWE with small parameters. in CRYPTO 2013, Part I, vol. 8042 of LNCS, (Springer, Heidelberg, 2013), pp. 21–39
74. G. Maxwell, A. Poelstra, Y. Seurin, P. Wuille, Simple Schnorr multi-signatures with applications to Bitcoin. Des. Codes Cryptogr., 87(9), 2139–2164, (2019)
75. C. Ma, J. Weng, Y. Li, R.H. Deng, Efficient discrete logarithm based multi-signature scheme in the plain public key model. Des. Codes Cryptogr., 54(2), 121–133, (2010)
76. N.K. Nguyen, On the non-existence of short vectors in random module lattices. in ASIACRYPT 2019, Part II, vol. 11922 of LNCS, (Springer, Heidelberg, 2019), pp. 121–150
77. A. Nicolosi, M.N. Krohn, Y. Dodis, D. Mazières, Proactive two-party signatures for user authentication. in NDSS 2003, (The Internet Society, 2003)
78. J. Nick, T. Ruffing, Y. Seurin, MuSig2: Simple two-round Schnorr multi-signatures. in CRYPTO 2021, Part I, vol. 12825 of LNCS, Virtual Event, (Springer, Heidelberg, 2021), pp. 189–221
79. J. Nick, T. Ruffing, Y. Seurin, P. Wuille, MuSig-DN: Schnorr multi-signatures with verifiably deterministic nonces. in ACM CCS 2020, (ACM Press, 2020), pp. 1717–1731
80.
Zurück zum Zitat R. Pass, On deniability in the common reference string and random oracle model. in CRYPTO 2003, vol. 2729 of LNCS, (Springer, Heidelberg, 2003), pp. 316–337 R. Pass, On deniability in the common reference string and random oracle model. in CRYPTO 2003, vol. 2729 of LNCS, (Springer, Heidelberg, 2003), pp. 316–337
81.
Zurück zum Zitat T.P. Pedersen, Non-interactive and information-theoretic secure verifiable secret sharing. in CRYPTO’91, vol. 576 of LNCS, (Springer, Heidelberg, 1992), pp. 129–140 T.P. Pedersen, Non-interactive and information-theoretic secure verifiable secret sharing. in CRYPTO’91, vol. 576 of LNCS, (Springer, Heidelberg, 1992), pp. 129–140
82.
Zurück zum Zitat C. Peikert, An efficient and parallel Gaussian sampler for lattices. in CRYPTO 2010, vol. 6223 of LNCS, (Springer, Heidelberg, 2010), pp. 80–97 C. Peikert, An efficient and parallel Gaussian sampler for lattices. in CRYPTO 2010, vol. 6223 of LNCS, (Springer, Heidelberg, 2010), pp. 80–97
83.
Zurück zum Zitat D. Pointcheval, J. Stern, Security arguments for digital signatures and blind signatures. Journal of Cryptology, 13(3), 361–396, (2000)CrossRef D. Pointcheval, J. Stern, Security arguments for digital signatures and blind signatures. Journal of Cryptology, 13(3), 361–396, (2000)CrossRef
84.
Zurück zum Zitat C.-P. Schnorr, Efficient identification and signatures for smart cards. in CRYPTO’89, vol. 435 of LNCS, (Springer, Heidelberg, 1990), pp. 239–252 C.-P. Schnorr, Efficient identification and signatures for smart cards. in CRYPTO’89, vol. 435 of LNCS, (Springer, Heidelberg, 1990), pp. 239–252
85.
Zurück zum Zitat D.R. Stinson, R. Strobl, Provably secure distributed Schnorr signatures and a \((t, n)\) threshold scheme for implicit certificates. in ACISP 01, vol. 2119 of LNCS, (Springer, Heidelberg, 2001), pp. 417–434 D.R. Stinson, R. Strobl, Provably secure distributed Schnorr signatures and a \((t, n)\) threshold scheme for implicit certificates. in ACISP 01, vol. 2119 of LNCS, (Springer, Heidelberg, 2001), pp. 417–434
86.
Zurück zum Zitat E. Syta, I. Tamas, D. Visher, D.I. Wolinsky, P. Jovanovic, L. Gasser, N. Gailly, I. Khoffi, B. Ford, Keeping authorities “honest or bust” with decentralized witness cosigning. in 2016 IEEE Symposium on Security and Privacy, (IEEE Computer Society Press, 2016), pp. 526–545 E. Syta, I. Tamas, D. Visher, D.I. Wolinsky, P. Jovanovic, L. Gasser, N. Gailly, I. Khoffi, B. Ford, Keeping authorities “honest or bust” with decentralized witness cosigning. in 2016 IEEE Symposium on Security and Privacy, (IEEE Computer Society Press, 2016), pp. 526–545
88.
Zurück zum Zitat R. Tso, Z. Liu, Y. Tseng, Identity-based blind multisignature from lattices. IEEE Access, 7, 182916–182923, (2019)CrossRef R. Tso, Z. Liu, Y. Tseng, Identity-based blind multisignature from lattices. IEEE Access, 7, 182916–182923, (2019)CrossRef
89.
Zurück zum Zitat W.A. Torres, R. Steinfeld, A. Sakzad, V. Kuchta, Post-quantum linkable ring signature enabling distributed authorised ring confidential transactions in blockchain. Cryptology ePrint Archive, Report 2020/1121, 2020. https://eprint.iacr.org/2020/1121 W.A. Torres, R. Steinfeld, A. Sakzad, V. Kuchta, Post-quantum linkable ring signature enabling distributed authorised ring confidential transactions in blockchain. Cryptology ePrint Archive, Report 2020/1121, 2020. https://​eprint.​iacr.​org/​2020/​1121
90.
Zurück zum Zitat D. Wagner, A generalized birthday problem. in CRYPTO 2002, vol. 2442 of LNCS, (Springer, Heidelberg, 2002), pp. 288–303 D. Wagner, A generalized birthday problem. in CRYPTO 2002, vol. 2442 of LNCS, (Springer, Heidelberg, 2002), pp. 288–303
91.
Zurück zum Zitat R. Yang, M. H. Au, Z. Zhang, Q. Xu, Z. Yu, W. Whyte, Efficient lattice-based zero-knowledge arguments with standard soundness: Construction and applications. in CRYPTO 2019, Part I, vol. 11692 of LNCS, (Springer, Heidelberg, 2019), pp. 147–175 R. Yang, M. H. Au, Z. Zhang, Q. Xu, Z. Yu, W. Whyte, Efficient lattice-based zero-knowledge arguments with standard soundness: Construction and applications. in CRYPTO 2019, Part I, vol. 11692 of LNCS, (Springer, Heidelberg, 2019), pp. 147–175
Metadata
Title
Two-Round n-out-of-n and Multi-Signatures and Trapdoor Commitment from Lattices
Authors
Ivan Damgård
Claudio Orlandi
Akira Takahashi
Mehdi Tibouchi
Publication date
01.04.2022
Publisher
Springer US
Published in
Journal of Cryptology / Issue 2/2022
Print ISSN: 0933-2790
Electronic ISSN: 1432-1378
DOI
https://doi.org/10.1007/s00145-022-09425-3