nach oben

Journal of Cryptology

Erschienen in:

01.04.2022 | Research Article

Two-Round n-out-of-n and Multi-Signatures and Trapdoor Commitment from Lattices

verfasst von: Ivan Damgård, Claudio Orlandi, Akira Takahashi, Mehdi Tibouchi

Erschienen in: Journal of Cryptology | Ausgabe 2/2022

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Although they have been studied for a long time, distributed signature protocols have garnered renewed interest in recent years in view of novel applications to topics like blockchains. Most recent works have focused on distributed versions of ECDSA or variants of Schnorr signatures; however, and in particular, little attention has been given to constructions based on post-quantum secure assumptions like the hardness of lattice problems. A few lattice-based threshold signature and multi-signature schemes have been proposed in the literature, but they either rely on hash-and-sign lattice signatures (which tend to be comparatively inefficient), use expensive generic transformations, or only come with incomplete security proofs. In this paper, we construct several lattice-based distributed signing protocols with low round complexity following the Fiat–Shamir with Aborts (FSwA) paradigm of Lyubashevsky (Asiacrypt 2009). Our protocols can be seen as distributed variants of the fast Dilithium-G signature scheme and the full security proof can be made assuming the hardness of module SIS and LWE problems. A key step to achieving security (unexplained in some earlier papers) is to prevent the leakage that can occur when parties abort after their first message—which can inevitably happen in the Fiat–Shamir with Aborts setting. We manage to do so using homomorphic commitments. Exploiting the similarities between FSwA and Schnorr-style signatures, our approach makes the most of observations from recent advancements in the discrete log setting, such as Drijvers et al.’s seminal work on two-round multi-signatures (S&P 2019). In particular, we observe that the use of commitment not only resolves the subtle issue with aborts, but also makes it possible to realize secure two-round n-out-of-n distributed signing and multi-signature in the plain public key model, by equipping the commitment with a trapdoor feature. The construction of suitable trapdoor commitment from lattices is a side contribution of this paper.

Vorheriger Artikel TinyKeys: A New Approach to Efficient Multi-Party Computation

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

It is still an open question whether the aborts issue can instead be resolved by careful parameter choice, allowing to simulate the rejected transcripts without any additional assumptions. But we are aware of on-going work in this direction. If the question is answered in the affirmative our three-round protocol could be proven secure even without a commitment. However, the use of homomorphic commitment is crucial for constructing our new two-round protocols, which is our main contribution.

We include this for completeness since, while the three-round protocol itself is not novel, to the best of our knowledge there has been no publicly available complete security proof solely relying on Module-LWE.

We remark that the “commitments” generated by \({\mathsf {H}}_1\) and \({\mathsf {H}}_2\) in Fig. 6 are not randomized, and therefore they are not hiding. In our protocol, however, all committed values have high min-entropy and this is indeed sufficient for the security proof to hold. Alternatively, one could cheaply turn them into full-fledged secure and extractable commitments by additionally hashing random strings that are to be sent out during the opening phase [80].

To be more precise, since the verification bound scales as \(n^{3/2}\), one should also increase q by the same bound to avoid arithmetic overflow. This makes the \(\mathsf {MSIS}_{}\) problem harder, but the \(\mathsf {MLWE}_{}\) easier if the dimension is kept unchanged. To keep the same security level, one should therefore also increase N by a factor of \(1+O(\frac{\log n}{\log q_0})\) where \(q_0\) is the value of q in the single-user setting. Therefore, one could in principle argue that signature size actually scales as \(O(\log ^2 n)\). However, one typically chooses \(q_0 > 2^{20}\), and therefore even in settings with billions of parties, \(\frac{\log n}{\log q_0} < 2\). Thus, one can effectively regard N as independent of n.

This condition could be actually relaxed somewhat by applying the result due to Nguyen [76]

H.K. Alper, J. Burdges, Two-round trip schnorr multi-signatures via delinearized witnesses. in CRYPTO 2021, Part I, vol. 12825 of LNCS, Virtual Event, (Springer, Heidelberg, 2021), pp. 157–188

M. Abe, S. Fehr, Adaptively secure feldman VSS and applications to universally-composable threshold cryptography. in CRYPTO 2004, vol. 3152 of LNCS, (Springer, Heidelberg, 2004), pp. 317–334

M. Abdalla, P.-A. Fouque, V. Lyubashevsky, M. Tibouchi, Tightly secure signatures from lossy identification schemes. Journal of Cryptology, 29(3), 597–631, (2016)MathSciNetCrossRef

N. Bindel, S. Akleylek, E. Alkim, P.S.L.M. Barreto, J. Buchmann, E. Eaton, G. Gutoski, J. Kramer, P. Longa, H. Polat, J. E. Ricardini, G. Zanon, qTESLA. Technical report, National Institute of Standards and Technology, 2019. available at https://csrc.nist.gov/projects/post-quantum-cryptography/round-2-submissions

G. Barthe, S. Belaïd, T. Espitau, P.-A. Fouque, B. Grégoire, M. Rossi, M. Tibouchi, Masking the GLP lattice-based signature scheme at any order. in EUROCRYPT 2018, Part II, vol. 10821 of LNCS, (Springer, Heidelberg, 2018), pp. 354–384

G. Barthe, S. Belaïd, T. Espitau, P.-A. Fouque, M. Rossi, and M. Tibouchi, GALACTICS: Gaussian sampling for lattice-based constant- time implementation of cryptographic signatures, revisited. in ACM CCS 2019, (ACM Press, 2019), pp. 2147–2164

A. Bagherzandi, J.H. Cheon, S. Jarecki, Multisignatures secure under the discrete logarithm assumption and a generalized forking lemma. in ACM CCS 2008, (ACM Press, 2008), pp. 449–458

F. Benhamouda, J. Camenisch, S. Krenn, V. Lyubashevsky, G. Neven, Better zero-knowledge proofs for lattice encryption and their application to group signatures. in ASIACRYPT 2014, Part I, vol. 8873 of LNCS, (Springer, Heidelberg, 2014), pp. 551–572

M. Bellare, W. Dai, Chain reductions for multi-signatures and the HBMS scheme. in Advances in Cryptology - ASIACRYPT 2021 - 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6-10, 2021, Proceedings, Part IV, vol. 13093 of Lecture Notes in Computer Science, (Springer, 2021), pp. 650–678

10.

M. Bellare, H. Davis, F. Günther. Separate your domains: NIST PQC KEMs, oracle cloning and read-only indifferentiability. in EUROCRYPT 2020, Part II, vol. 12106 of LNCS, (Springer, Heidelberg, 2020), pp. 3–32

11.

C. Baum, I. Damgård, V. Lyubashevsky, S. Oechsner, C. Peikert, More efficient commitments from structured lattice assumptions. in SCN 18, vol. 11035 of LNCS, (Springer, Heidelberg, 2018), pp. 368–385

12.

D. Boneh, R. Gennaro, S. Goldfeder, A. Jain, S. Kim, P. M. R. Rasmussen, A. Sahai, Threshold cryptosystems from threshold fully homomorphic encryption. in CRYPTO 2018, Part I, vol. 10991 of LNCS, (Springer, Heidelberg, 2018), pp. 565–596

13.

F. Benhamouda, S. Krenn, V. Lyubashevsky, K. Pietrzak, Efficient zero-knowledge proofs for commitments from learning with errors over rings. In ESORICS 2015, Part I, vol. 9326 of LNCS, (Springer, Heidelberg, 2015), pp. 305–325

14.

R. Bendlin, S. Krehbiel, C. Peikert, How to share a lattice trapdoor: Threshold protocols for signatures and (H)IBE. in ACNS 13, vol. 7954 of LNCS, (Springer, Heidelberg, 2013), pp. 218–236

15.

J. Bootle, V. Lyubashevsky, G. Seiler, Algebraic techniques for short(er) exact lattice-based zero-knowledge proofs. in CRYPTO 2019, Part I, vol. 11692 of LNCS, (Springer, Heidelberg, 2019), pp. 176–202

16.

M. Bellare, G. Neven, Multi-signatures in the plain public-key model and a general forking lemma. in ACM CCS 2006, (ACM Press, 2006), pp. 390–399

17.

K. Boudgoust, A. Roux-Langlois, Compressed linear aggregate signatures based on module lattices. IACR Cryptol. ePrint Arch., p. 263, 2021

18.

S. Bettaieb, J. Schrek, Improved lattice-based threshold ring signature scheme. in Post-Quantum Cryptography - 5th International Workshop, PQCrypto 2013, (Springer, Heidelberg, 2013), pp. 34–51

19.

G. Castagnos, D. Catalano, F. Laguillaumie, F. Savasta, I. Tucker. Two-party ECDSA from hash proof systems and efficient instantiations. in CRYPTO 2019, Part III, vol. 11694 of LNCS, (Springer, Heidelberg, 2019), pp. 191–221

20.

G. Castagnos, D. Catalano, F. Laguillaumie, F. Savasta, I. Tucker. Bandwidth-efficient threshold EC-DSA. in PKC 2020, Part II, vol. 12111 of LNCS, (Springer, Heidelberg, 2020), pp. 266–296

21.

R. Canetti, R. Gennaro, S. Goldfeder, N. Makriyannis, U. Peled, UC non-interactive, proactive, threshold ECDSA with identifiable aborts. In ACM CCS 2020, (ACM Press, 2020), pp. 1769–1787

22.

D. Cash, D. Hofheinz, E. Kiltz, C. Peikert, Bonsai trees, or how to delegate a lattice basis. in EUROCRYPT 2010, vol. 6110 of LNCS, (Springer, Heidelberg, 2010), pp. 523–552

23.

R. Choi, K. Kim, Lattice-based multi-signature with linear homomorphism. in 2016 Symposium on Cryptography and Information Security (SCIS 2016), 2016

24.

P. Cayrel, R. Lindner, M. Rückert, R. Silva, A lattice-based threshold ring signature scheme. in LATINCRYPT 2010, vol. 6212 of LNCS, (Springer, 2010), pp. 255–272

25.

M. Ciampi, R. Ostrovsky, L. Siniscalchi, I. Visconti, Delayed-input non-malleable zero knowledge and multi-party coin tossing in four rounds. in TCC 2017, Part I, vol. 10677 of LNCS, (Springer, Heidelberg, 2017), pp. 711–742

26.

M. Ciampi, R. Ostrovsky, L. Siniscalchi, I. Visconti, Four-round concurrent non-malleable commitments from one-way functions. in CRYPTO 2017, Part II, vol. 10402 of LNCS, (Springer, Heidelberg, 2017), pp. 127–157

27.

M. Ciampi, G. Persiano, A. Scafuro, L. Siniscalchi, I. Visconti, Improved OR-composition of sigma-protocols. in TCC 2016-A, Part II, vol. 9563 of LNCS, (Springer, Heidelberg, 2016), pp. 112–141

28.

D. Cozzo, N. P. Smart, Sharing the LUOV: Threshold post-quantum signatures. in 17th IMA International Conference on Cryptography and Coding, vol. 11929 of LNCS, (Springer, Heidelberg, 2019), pp. 128–153

29.

I. Damgård, Efficient concurrent zero-knowledge in the auxiliary string model. in EUROCRYPT 2000, vol. 1807 of LNCS, (Springer, Heidelberg, 2000), pp. 418–430

30.

L. Ducas, A. Durmus, T. Lepoint, V. Lyubashevsky, Lattice signatures and bimodal Gaussians. in CRYPTO 2013, Part I, vol. 8042 of LNCS, (Springer, Heidelberg, 2013), pp. 40–56

31.

M. Drijvers, K. Edalatnejad, B. Ford, E. Kiltz, J. Loss, G. Neven, I. Stepanovs. On the security of two-round multi-signatures. in 2019 IEEE Symposium on Security and Privacy, (IEEE Computer Society Press, 2019), pp. 1084–1101

32.

Y. Doröz, J. Hoffstein, J.H. Silverman, B. Sunar, Mmsat: A scheme for multimessage multiuser signature aggregation. Cryptology ePrint Archive, Report 2020/520, 2020. https://eprint.iacr.org/2020/520

33.

I. Damgård, T.P. Jakobsen, J.B. Nielsen, J.I. Pagter, M.B. Østergaard, Fast threshold ECDSA with honest majority. In SCN 20, vol. 12238 of LNCS, (Springer, Heidelberg, 2020), pp. 382–400

34.

J. Doerner, Y. Kondi, E. Lee, a. shelat. Secure two-party threshold ECDSA from ECDSA assumptions. in 2018 IEEE Symposium on Security and Privacy, (IEEE Computer Society Press, 2018), pp. 980–997

35.

J. Doerner, Y. Kondi, E. Lee, a. shelat, Threshold ECDSA from ECDSA assumptions: The multiparty case. in 2019 IEEE Symposium on Security and Privacy, (IEEE Computer Society Press, 2019), pp. 1051–1066

36.

L. Ducas, T. Lepoint, V. Lyubashevsky, P. Schwabe, G. Seiler, D. Stehlé. Crystals–dilithium: Digital signatures from module lattices. 2018, https://repository.ubn.ru.nl/bitstream/handle/2066/191703/191703.pdf

37.

R. del Pino, V. Lyubashevsky, G. Seiler. Lattice-based group signatures and zero-knowledge proofs of automorphism stability. In ACM CCS 2018, (ACM Press, 2018), pp. 574–591

38.

L. Ducas, D. Micciancio, Improved short lattice signatures in the standard model. in CRYPTO 2014, Part I, vol. 8616 of LNCS, (Springer, Heidelberg, 2014), pp. 335–352

39.

A.P.K. Dalskov, C. Orlandi, M. Keller, K. Shrishak, H. Shulman, Securing DNSSEC keys via threshold ECDSA from generic MPC. in ESORICS 2020, Part II, vol. 12309 of LNCS, (Springer, Heidelberg, 2020), pp. 654–673

40.

M.F. Esgin, O. Ersoy, Z. Erkin, Post-quantum adaptor signatures and payment channel networks. in ESORICS 2020, Part II, vol. 12309 of LNCS, (Springer, Heidelberg, 2020), pp. 378–397

41.

R. El Bansarkhani, J. Sturm, An efficient lattice-based multisignature scheme with applications to bitcoins. in CANS 16, vol. 10052 of LNCS, (Springer, Heidelberg, 2016), pp. 140–155

42.

M.F. Esgin, R. Steinfeld, J.K. Liu, D. Liu, Lattice-based zero-knowledge proofs: New techniques for shorter and faster constructions and applications. in CRYPTO 2019, Part I, vol. 11692 of LNCS, (Springer, Heidelberg, 2019), pp. 115–146

43.

M. F. Esgin, R. Steinfeld, A. Sakzad, J. K. Liu, D. Liu, Short lattice-based one-out-of-many proofs and applications to ring signatures. In ACNS 19, vol. 11464 of LNCS, (Springer, Heidelberg, 2019), pp. 67–88

44.

M. Fukumitsu, S. Hasegawa. A tightly-secure lattice-based multisignature. in APKC@AsiaCCS 2019, (ACM, 2019), pp. 3–11

45.

M. Fukumitsu, S. Hasegawa, A lattice-based provably secure multisignature scheme in quantum random oracle model. in ProvSec 2020, vol. 12505 of LNCS, (Springer, Heidelberg, 2020), pp. 45–64

46.

R. Gennaro, S. Goldfeder, Fast multiparty threshold ECDSA with fast trustless setup. in ACM CCS 2018, (ACM Press, 2018), pp. 1179–1194

47.

R. Gennaro, S. Goldfeder, One round threshold ecdsa with identifiable abort. Cryptology ePrint Archive, Report 2020/540, 2020. https://eprint.iacr.org/2020/540

48.

R. Gennaro, S. Goldfeder, A. Narayanan, Threshold-optimal DSA/ECDSA signatures and an application to bitcoin wallet security. in ACNS 16, vol. 9696 of LNCS, (Springer, Heidelberg, 2016), pp. 156–174

49.

R. Gennaro, S. Jarecki, H. Krawczyk, T. Rabin, Secure distributed key generation for discrete-log based cryptosystems. Journal of Cryptology, 20(1), 51–83, (2007).MathSciNetCrossRef

50.

A. Gagol, J. Kula, D. Straszak, M. Swietek, Threshold ecdsa for decentralized asset custody. Cryptology ePrint Archive, Report 2020/498, (2020). https://eprint.iacr.org/2020/498

51.

T. Güneysu, V. Lyubashevsky, T. Pöppelmann, Practical lattice-based cryptography: A signature scheme for embedded systems. in CHES 2012, vol. 7428 of LNCS, (Springer, Heidelberg, 2012), pp. 530–547

52.

N. Genise, D. Micciancio, Faster Gaussian sampling for trapdoor lattices with arbitrary modulus. in EUROCRYPT 2018, Part I, vol. 10820 of LNCS, (Springer, Heidelberg, 2018), pp. 174–203

53.

C. Gentry, C. Peikert, V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions. in 40th ACM STOC, (ACM Press, 2008), pp. 197–206

54.

C. Gentry, A. Sahai, B. Waters, Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based. in CRYPTO 2013, Part I, vol. 8042 of LNCS, (Springer, Heidelberg, 2013), pp. 75–92

55.

S. Gorbunov, V. Vaikuntanathan, D. Wichs, Leveled fully homomorphic signatures from standard lattices. in 47th ACM STOC, (ACM Press, 2015), pp. 469–477

56.

N. Howgrave-Graham, A. Joux, New generic algorithms for hard knapsacks. in EUROCRYPT 2010, vol. 6110 of LNCS, (Springer, Heidelberg, 2010), pp. 235–256

57.

M. Kansal, R. Dutta, Round optimal secure multisignature schemes from lattice with public key aggregation and signature compression. In AFRICACRYPT 20, vol. 12174 of LNCS, (Springer, Heidelberg, 2020), pp. 281–300

58.

C. Komlo, I. Goldberg, FROST: flexible round-optimized schnorr threshold signatures. in Selected Areas in Cryptography - SAC 2020 - 27th International Conference, Halifax, NS, Canada (Virtual Event), October 21-23, 2020, Revised Selected Papers, vol. 12804 of Lecture Notes in Computer Science, (Springer, 2020), pp. 34–65

59.

E. Kiltz, V. Lyubashevsky, C. Schaffner, A concrete treatment of Fiat-Shamir signatures in the quantum random-oracle model. in EUROCRYPT 2018, Part III, vol. 10822 of LNCS, (Springer, Heidelberg, 2018), pp. 552–586

60.

V. Lyubashevsky, L. Ducas, E. Kiltz, T. Lepoint, P. Schwabe, G. Seiler, D. Stehlé, CRYSTALS-DILITHIUM. Technical report, National Institute of Standards and Technology, 2019. available at https://csrc.nist.gov/projects/post-quantum-cryptography/round-2-submissions.

61.

Y. Lindell, Fast secure two-party ECDSA signing. in CRYPTO 2017, Part II, vol. 10402 of LNCS, (Springer, Heidelberg, 2017), pp. 613–644

62.

Y. Lindell, A. Nof, Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody. in ACM CCS 2018, (ACM Press, 2018), pp. 1837–1854

63.

B. Libert, K. Nguyen, B.H.M. Tan, H. Wang, Zero-knowledge elementary databases with more expressive queries. in PKC 2019, Part I, vol. 11442 of LNCS, (Springer, Heidelberg, 2019), pp. 255–285

64.

V. Lyubashevsky, C. Peikert, O. Regev, A toolkit for ring-LWE cryptography. in EUROCRYPT 2013, vol. 7881 of LNCS, (Springer, Heidelberg, 2013), pp. 35–54

65.

V. Lyubashevsky, G. Seiler, Short, invertible elements in partially splitting cyclotomic rings and applications to lattice-based zero-knowledge proofs. in EUROCRYPT 2018, Part I, vol. 10820 of LNCS, (Springer, Heidelberg, 2018), pp. 204–224

66.

Z.-Y. Liu, Y.-F. Tseng, R. Tso, Cryptanalysis of a round optimal lattice-based multisignature scheme. Cryptology ePrint Archive, Report 2020/1172, 2020. https://eprint.iacr.org/2020/1172

67.

V. Lyubashevsky, Fiat-Shamir with aborts: Applications to lattice and factoring-based signatures. in ASIACRYPT 2009, vol. 5912 of LNCS, (Springer, Heidelberg, 2009), pp. 598–616

68.

V. Lyubashevsky, Lattice signatures without trapdoors. in EUROCRYPT 2012, vol. 7237 of LNCS, (Springer, Heidelberg, 2012), pp. 738–755

69.

V. Lyubashevsky, Lattice-based zero-knowledge and applications. CIS 2019, 2019. https://crypto.sjtu.edu.cn/cis2019/slides/Vadim.pdf

70.

C. Ma, M. Jiang, Practical lattice-based multisignature schemes for blockchains. IEEE Access, 7, 179765–179778, (2019)CrossRef

71.

S. Micali, K. Ohta, L. Reyzin, Accountable-subgroup multisignatures: Extended abstract. in ACM CCS 2001, (ACM Press, 2001), pp. 245–254

72.

D. Micciancio, C. Peikert, Trapdoors for lattices: Simpler, tighter, faster, smaller. in EUROCRYPT 2012, vol. 7237 of LNCS, (Springer, Heidelberg, 2012), pp. 700–718

73.

D. Micciancio, C. Peikert, Hardness of SIS and LWE with small parameters. in CRYPTO 2013, Part I, vol. 8042 of LNCS, (Springer, Heidelberg, 2013), pp. 21–39

74.

G. Maxwell, A. Poelstra, Y. Seurin, P. Wuille, Simple schnorr multi-signatures with applications to bitcoin. Des. Codes Cryptogr., 87(9), 2139–2164, (2019)MathSciNetCrossRef

75.

C. Ma, J. Weng, Y. Li, R.H. Deng, Efficient discrete logarithm based multi-signature scheme in the plain public key model. Des. Codes Cryptogr., 54(2), 121–133, (2010)MathSciNetCrossRef

76.

N.K. Nguyen, On the non-existence of short vectors in random module lattices. in ASIACRYPT 2019, Part II, vol. 11922 of LNCS, (Springer, Heidelberg, 2019), pp. 121–150

77.

A. Nicolosi, M.N. Krohn, Y. Dodis, D. Mazières, Proactive two-party signatures for user authentication. in NDSS 2003. (The Internet Society, 2003)

78.

J. Nick, T. Ruffing, Y. Seurin, MuSig2: Simple two-round Schnorr multi-signatures. in CRYPTO 2021, Part I, vol. 12825 of LNCS, (Virtual Event, 2021. Springer, Heidelberg), pp. 189–221

79.

J. Nick, T. Ruffing, Y. Seurin, P. Wuille, MuSig-DN: Schnorr multi-signatures with verifiably deterministic nonces. in ACM CCS 2020, (ACM Press, 2020), pp. 1717–1731

80.

R. Pass, On deniability in the common reference string and random oracle model. in CRYPTO 2003, vol. 2729 of LNCS, (Springer, Heidelberg, 2003), pp. 316–337

81.

T.P. Pedersen, Non-interactive and information-theoretic secure verifiable secret sharing. in CRYPTO’91, vol. 576 of LNCS, (Springer, Heidelberg, 1992), pp. 129–140

82.

C. Peikert, An efficient and parallel Gaussian sampler for lattices. in CRYPTO 2010, vol. 6223 of LNCS, (Springer, Heidelberg, 2010), pp. 80–97

83.

D. Pointcheval, J. Stern, Security arguments for digital signatures and blind signatures. Journal of Cryptology, 13(3), 361–396, (2000)CrossRef

84.

C.-P. Schnorr, Efficient identification and signatures for smart cards. in CRYPTO’89, vol. 435 of LNCS, (Springer, Heidelberg, 1990), pp. 239–252

85.

D.R. Stinson, R. Strobl, Provably secure distributed Schnorr signatures and a \((t, n)\) threshold scheme for implicit certificates. in ACISP 01, vol. 2119 of LNCS, (Springer, Heidelberg, 2001), pp. 417–434

86.

E. Syta, I. Tamas, D. Visher, D.I. Wolinsky, P. Jovanovic, L. Gasser, N. Gailly, I. Khoffi, B. Ford, Keeping authorities “honest or bust” with decentralized witness cosigning. in 2016 IEEE Symposium on Security and Privacy, (IEEE Computer Society Press, 2016), pp. 526–545

87.

R. Toluee, T. Eghlidos, An efficient and secure ID-based multi-proxy multi-signature scheme based on lattice. Cryptology ePrint Archive, Report 2019/1031, 2019. https://eprint.iacr.org/2019/1031

88.

R. Tso, Z. Liu, Y. Tseng, Identity-based blind multisignature from lattices. IEEE Access, 7, 182916–182923, (2019)CrossRef

89.

W.A. Torres, R. Steinfeld, A. Sakzad, V. Kuchta, Post-quantum linkable ring signature enabling distributed authorised ring confidential transactions in blockchain. Cryptology ePrint Archive, Report 2020/1121, 2020. https://eprint.iacr.org/2020/1121

90.

D. Wagner, A generalized birthday problem. in CRYPTO 2002, vol. 2442 of LNCS, (Springer, Heidelberg, 2002), pp. 288–303

91.

R. Yang, M. H. Au, Z. Zhang, Q. Xu, Z. Yu, W. Whyte, Efficient lattice-based zero-knowledge arguments with standard soundness: Construction and applications. in CRYPTO 2019, Part I, vol. 11692 of LNCS, (Springer, Heidelberg, 2019), pp. 147–175

Titel: Two-Round n-out-of-n and Multi-Signatures and Trapdoor Commitment from Lattices
verfasst von: Ivan Damgård
Claudio Orlandi
Akira Takahashi
Mehdi Tibouchi
Publikationsdatum: 01.04.2022
Verlag: Springer US
Erschienen in: Journal of Cryptology / Ausgabe 2/2022
Print ISSN: 0933-2790
Elektronische ISSN: 1432-1378
DOI: https://doi.org/10.1007/s00145-022-09425-3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2022

Multiparty Generation of an RSA Modulus

Non-Malleable Functions and their Applications

TinyKeys: A New Approach to Efficient Multi-Party Computation

Semi-quantum Money

On the Round Complexity of Randomized Byzantine Agreement

Correction to: Unconditionally Secure Computation Against Low-Complexity Leakage

Premium Partner