A Step Towards QC Blind Signatures

In this paper we propose a conversion from signature schemes connected to coding theory into blind signature schemes. We give formal security reductions to combinatorial problems not connected to number theory. This is the first blind signature scheme which can not be broken by quantum computers via cryptanalyzing the underlying signature scheme employing Shor’s algorithms. We thus present a step towards diversifying computational assumptions on which blind signatures can be based. We achieve blind signatures by a different concept of blinding: Instead of blinding the message, we blind the public key, such that generating a (blind) signature for the blinded key requires the interaction of the holder of the original secret key. To verify the blind signature, the connection between the original and the blinded key is proven by a static ZK proof. The major ingredient for our conversion is the PKP protocol by Shamir

A Strong Blind Signature Scheme over Braid Groups

The rapid development of quantum computing makes public key cryptosystems not based on commutative algebraic systems hot topic. Because of the non-commutativity property, the braid group with braid index more than two becomes a new candidate for constructing cryptographic protocols. A strong blind signature scheme is proposed based on the difficulty of the one-more matching conjugacy problem in the braid groups, in which the signer can not relate the signature of the blinded message to that of the original message. The usage of random factor ensures that the blind signatures of the same message are different and avoids the weakness of simultaneous conjugating. The scheme can resist the adaptively chosen-message attack under the random oracle model

A Provably Secure Short Signature Scheme from Coding Theory

Signatures with partially message recovery in which some parts of messages are not transmitted with signatures to make them shorter are useful where bandwidth is one of the crucial concern and especially in case of signing short messages in applications such as time stamping, certified email services and identitybased cryptosystems. In this paper, to have quantum-attackresistant short signatures, a signature scheme with partially message recovery from coding theory is proposed. The security of the proposed scheme is proved under Goppa Parametrized Bounded Decoding and the Goppa Code Distinguishing assumptions in the random oracle model. Relying on the partially message recovery property, the proposal is shorter than the Dallot signature scheme, the only provably secure and practical code-based signature scheme. We should highlight that our scheme can be used as a building block of code-based signature schemes with additional properties since it compared to Dallot signature scheme not only improves its communication overhead but also it preserves its signature efficiency

A Provably Secure Code-based Concurrent Signature Scheme

Concurrent signatures allow two entities to generate two signatures in such a way that both signatures are ambiguous till some information is revealed by one of the parties. This kind of signature is useful in auction protocols and a wide range of scenarios in which involving participants are mutually distrustful. In this paper, to have quantum-attack-resistant concurrent signatures as recommended by National Institute of Standards and Technology (NISTIR 8105), the first concurrent signature scheme based on coding theory is proposed. Then, its security is proved under Goppa Parameterized Bounded Decoding and the Goppa Code Distinguishing assumptions in the random oracle model. We should highlight that our proposal can be a post-quantum candidate for fair exchange of signatures without a trusted third party in an efficient way (without a highly degree of interactions)

Code-based Strong Designated Verifier Signatures: Security Analysis and a New Construction

Strong designated verifier signatures make the message authenticated only to a designated person called the designated verifier while privacy of the signer\u27s identity is preserved. This primitive is useful in scenarios that authenticity, signer ambiguity and signer\u27s privacy are required simultaneously such as electronic voting and tendering. To have quantum-attack-resistant strong designated verifier signatures as recommended in National Institute of Standards and Technology internal report (NISTIR 8105, dated April 2016), a provably secure code-based construction was proposed by Koochak Shooshtari et al. in 2016. In this paper, we show that this code-based candidate for strong designated verifier signa- tures does not have signer ambiguity or non-transferability, the main feature of strong designated verifier signatures. In addition, it is shown that it is not strongly unforgeable if a designated verifier transfers a signature to a third party. Then, a new proposal for strong designated verifier signatures based on coding theory is presented, and its security which includes strong unforgeability, signer ambiguity and privacy of the signer\u27s identity properties is proved under Goppa Parameterized Bounded Decoding and the Goppa Code Distinguishing assumptions in the random oracle model

Code-based Identification and Signature Schemes

In an age of explosive growth of digital communications and electronic data storage, cryptography plays an integral role in our society. Some examples of daily use of cryptography are software updates, e-banking, electronic commerce, ATM cards, etc. The security of most currently used cryptosystems relies on the hardness of the factorization and discrete logarithm problems. However, in 1994 Peter Shor discovered polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. Therefore, it is of extreme importance to develop cryptosystems that remain secure even when the adversary has access to a quantum computer; such systems are called post-quantum cryptosystems. One promising candidate is based on codes; in this thesis we focus more specifically on code-based identification and signature schemes. Public key identification schemes are typically applied in cryptography to reach the goal of entity authentication. Their applications include authentication and access control services such as remote login, credit card purchases and many others. One of the most well-known systems of this kind is the zero-knowledge identification scheme introduced in Crypto 1993 by Stern. It is very fast compared to schemes based on number-theoretic problems since it involves only simple and efficiently executable operations. However, its main drawbacks are the high communication complexity and the large public key size, that makes it impractical for many applications. Our first contribution addresses these drawbacks by taking a step towards reducing communication complexity and public key size simultaneously. To this end, we propose a novel zero-knowledge five-pass identification scheme which improves on Stern's scheme. It reduces the communication complexity by a factor of 25 % compared to Stern's one. Moreover, we obtain a public key of size of 4 KB, whereas Stern's scheme requires 15 KB for the same level of security. To the best of our knowledge, there is no code-based identification scheme with better performance than our proposal using random codes. Our second contribution consists of extending one of the most important paradigms in cryptography, namely the one by Fiat and Shamir. In doing so, we enlarge the class of identification schemes to which the Fiat-Shamir transform can be applied. Additionally, we put forward a generic methodology for proving the security of signature schemes derived from this class of identification schemes. We exemplify our extended paradigm and derive a provably secure signature scheme based on our proposed five-pass identification scheme. In order to contribute to the development of post-quantum schemes with additional features, we present an improved code-based threshold ring signature scheme using our two previous results. Our proposal has a shorter signature length and a smaller public-key size compared to Aguilar et al.'s scheme, which is the reference in this area

Signing with Codes

Code-based cryptography is an area of classical cryptography in which cryptographic primitives rely on hard problems and trapdoor functions related to linear error-correcting codes. Since its inception in 1978, the area has produced the McEliece and the Niederreiter cryptosystems, multiple digital signature schemes, identification schemes and code-based hash functions. All of these are believed to be resistant to attacks by quantum computers. Hence, code-based cryptography represents a post-quantum alternative to the widespread number-theoretic systems. This thesis summarizes recent developments in the field of code-based cryptography, with a particular emphasis on code-based signature schemes. After a brief introduction and analysis of the McEliece and the Niederreiter cryptosystems, we discuss the currently unresolved issue of constructing a practical, yet provably secure signature scheme. A detailed analysis is provided for the Courtois, Finiasz and Sendrier signature scheme, along with the mCFS and parallel CFS variations. Finally, we discuss a recent proposal by Preetha et al. that attempts to solve the issue of provable security, currently failing in the CFS scheme case, by randomizing the public key construct. We conclude that, while the proposal is not yet practical, it represents an important advancement in the search for an ideal code-based signature scheme