Making Existential-Unforgeable Signatures Strongly Unforgeable in the Quantum Random-Oracle Model
Strongly unforgeable signature schemes provide a more stringent security
guarantee than standard existential unforgeability. It requires not only that
forging a signature on a new message is hard, but also that it is infeasible to
produce a new signature on a message for which the adversary has already seen
valid signatures. Strongly unforgeable signatures are useful both in practice
and as a building block in many cryptographic constructions.
This work investigates a generic transformation that compiles any
existential-unforgeable scheme into a strongly unforgeable one, which was
proposed by Teranishi et al. and was proven in the classical random-oracle
model. Our main contribution is showing that the transformation also works
against quantum adversaries in the quantum random-oracle model. We develop
proof techniques such as adaptively programming a quantum random-oracle in a
new setting, which could be of independent interest. Applying the
transformation to an existential-unforgeable signature scheme due to Cash et
al., which can be shown to be quantum-secure assuming certain lattice problems
are hard for quantum computers, we get an efficient quantum-secure strongly
unforgeable signature scheme in the quantum random-oracle model.
Comment: 15 pages, to appear in Proceedings TQC 201
Random Oracles in a Quantum World
The interest in post-quantum cryptography - classical systems that remain
secure in the presence of a quantum adversary - has generated elegant proposals
for new cryptosystems. Some of these systems are set in the random oracle model
and are proven secure relative to adversaries that have classical access to the
random oracle. We argue that to prove post-quantum security one needs to prove
security in the quantum-accessible random oracle model where the adversary can
query the random oracle with quantum states.
We begin by separating the classical and quantum-accessible random oracle
models by presenting a scheme that is secure when the adversary is given
classical access to the random oracle, but is insecure when the adversary can
make quantum oracle queries. We then set out to develop generic conditions
under which a classical random oracle proof implies security in the
quantum-accessible random oracle model. We introduce the concept of a
history-free reduction, which is a category of classical random-oracle
reductions that determine oracle answers independently of the history
of previous queries, and we prove that such reductions imply security in the
quantum model. We then show that certain post-quantum proposals, including ones
based on lattices, can be proven secure using history-free reductions and are
therefore post-quantum secure. We conclude with a rich set of open problems in
this area.
Comment: 38 pages, v2: many substantial changes and extensions, merged with a
related paper by Boneh and Zhandr
Short Identity-Based Signatures with Tight Security from Lattices
We construct a short and adaptively secure identity-based signature scheme tightly based on the well-known Short Integer Solution (SIS) assumption.
Although identity-based signature schemes can be tightly constructed from either standard signature schemes against adaptive corruptions in the multi-user setting or a two-level hierarchical identity-based encryption scheme, neither of them is known with short signature size and tight security based on the SIS assumption. Here "short" means the signature size is independent of the message length, which is in contrast to the tree-based (tight) signatures.
Our approach consists of two steps: Firstly, we give two generic transformations (one with random oracles and the other without) from non-adaptively secure identity-based signature schemes to adaptively secure ones tightly. Our idea extends the similar transformation for digital signature schemes. Secondly, we construct a non-adaptively secure identity-based signature scheme based on the SIS assumption in the random oracle model.
URDP: General Framework for Direct CCA2 Security from any Lattice-Based PKE Scheme
Designing an efficient lattice-based cryptosystem secure against adaptive
chosen-ciphertext attack (IND-CCA2) is a challenging problem. To date, full
CCA2 security of all proposed lattice-based PKE schemes has been achieved by
using generic transformations such as either strongly unforgeable one-time
signature schemes (SU-OT-SS), or a message authentication code (MAC) and a weak
form of commitment. The drawback of these schemes is that encryption requires
"separate encryption". Therefore, the resulting encryption scheme is not
sufficiently efficient to be used in practice and it is inappropriate for many
applications such as small ubiquitous computing devices with limited resources,
such as smart cards, active RFID tags, wireless sensor networks and other
embedded devices.
In this work, for the first time, we introduce an efficient universal random
data padding (URDP) scheme, and show how it can be used to construct a "direct"
CCA2-secure encryption scheme from "any" worst-case hardness problem in
(ideal) lattices in the standard model, resolving a problem that has remained
open to date. This novel approach is a "black-box" construction and leads to
the elimination of separate encryption, as it avoids using a general
transformation from a CPA-secure scheme to a CCA2-secure one. IND-CCA2 security
of this scheme can be tightly reduced in the standard model to the assumption
that the underlying primitive is a one-way trapdoor function.
Comment: arXiv admin note: text overlap with arXiv:1302.0347, arXiv:1211.6984;
and with arXiv:1205.5224 by other author
Lattice-based Group Signature Scheme with Verifier-local Revocation
Support of membership revocation is a desirable functionality for any group signature scheme. Among the known revocation approaches, verifier-local revocation (VLR) seems to be the most flexible one, because it only requires the verifiers to possess some up-to-date revocation information, but not the signers. All of the contemporary VLR group signatures operate in the bilinear map setting, and all of them will be insecure once quantum computers become a reality. In this work, we introduce the first lattice-based VLR group signature, and thus, the first such scheme that is believed to be quantum-resistant. In comparison with existing lattice-based group signatures, our scheme has several noticeable advantages: support of membership revocation, logarithmic-size signatures, and a weaker security assumption. In the random oracle model, our scheme is proved to be secure based on the hardness of the $\mathrm{SIVP}_{\tilde{O}(n^{1.5})}$ problem in general lattices, an assumption that is as weak as those of state-of-the-art lattice-based standard signatures. Moreover, our construction works without relying on encryption schemes, which is an intriguing feature for group signatures.
Private and Secure Post-Quantum Verifiable Random Function with NIZK Proof and Ring-LWE Encryption in Blockchain
We present a secure and private blockchain-based Verifiable Random Function
(VRF) scheme addressing some limitations of classical VRF constructions. Given
the imminent quantum computing adversarial scenario, conventional cryptographic
methods face vulnerabilities. To enhance our VRF's secure randomness, we adopt
post-quantum Ring-LWE encryption for synthesizing pseudo-random sequences.
Considering computational costs and resultant on-chain gas costs, we suggest a
bifurcated architecture for VRF design, optimizing interactions between
on-chain and off-chain. Our approach employs a secure ring signature supported
by NIZK proof and a delegated key generation method, inspired by the
Chaum-Pedersen equality proof and the Fiat-Shamir Heuristic. Our VRF scheme
integrates multi-party computation (MPC) with blockchain-based decentralized
identifiers (DID), ensuring both security and randomness. We elucidate the
security and privacy aspects of our VRF scheme, analyzing temporal and spatial
complexities. We also approximate the entropy of the VRF scheme and detail its
implementation in a Solidity contract. We also delineate a method for
validating the VRF's proof, suitable for contexts requiring both randomness
and verification. Finally, using the NIST SP 800-22 statistical randomness
test suite, our results exhibit a 98.86% pass rate over 11 test cases, with an
average p-value of 0.5459 from 176 total tests.
Comment: 21 pages, 5 figures, In the 2023 Proceedings of International
Conference on Cryptography and Blockchai
The Fiat-Shamir Transformation in a Quantum World
The Fiat-Shamir transformation is a famous technique to turn identification schemes into signature schemes. The derived scheme is provably secure in the random-oracle model against classical adversaries. Still, the technique has also been suggested to be used in connection with quantum-immune identification schemes, in order to get quantum-immune signature schemes. However, a recent paper by Boneh et al. (Asiacrypt 2011) has raised the issue that results in the random-oracle model may not be immediately applicable to quantum adversaries, because such adversaries should be allowed to query the random oracle in superposition. It has been unclear if the Fiat-Shamir technique is still secure in this quantum oracle model (QROM).
Here, we discuss that giving proofs for the Fiat-Shamir transformation in the QROM is presumably hard. We show that there cannot be black-box extractors, as long as the underlying quantum-immune identification scheme is secure against active adversaries and the first message of the prover is independent of its witness. Most schemes are of this type. We then discuss that for some schemes one may be able to resurrect the Fiat-Shamir result in the QROM by modifying the underlying protocol first. We discuss in particular a version of the Lyubashevsky scheme which is provably secure in the QROM.