7 research outputs found

    A tight security reduction in the quantum random oracle model for code-based signature schemes

    Quantum secure signature schemes have received a lot of attention recently, in particular because of the NIST call to standardize quantum safe cryptography. However, only a few signature schemes can have concrete quantum security because of technical difficulties associated with the Quantum Random Oracle Model (QROM). In this paper, we show that code-based signature schemes based on the full domain hash paradigm can behave very well in the QROM, i.e., that we can have tight security reductions. We also study quantum algorithms related to the underlying code-based assumption. Finally, we apply our reduction to a concrete example: the SURF signature scheme. We provide parameters for 128 bits of quantum security in the QROM and show that the obtained parameters are competitive compared to other similar quantum secure signature schemes.

    Implementation and evaluation of improved Gaussian sampling for lattice trapdoors

    We report on our implementation of a new Gaussian sampling algorithm for lattice trapdoors. Lattice trapdoors are used in a wide array of lattice-based cryptographic schemes including digital signatures, attribute-based encryption, program obfuscation and others. Our implementation provides Gaussian sampling for trapdoor lattices with prime moduli, and supports both single- and multi-threaded execution. We experimentally evaluate our implementation through its use in the GPV hash-and-sign digital signature scheme as a benchmark. We compare our design and implementation with prior work reported in the literature. The evaluation shows that our implementation 1) has smaller space requirements and faster runtime, 2) does not require multi-precision floating-point arithmetic, and 3) can be used for a broader range of cryptographic primitives than previous implementations.

    LCPR: High Performance Compression Algorithm for Lattice-Based Signatures

    Many lattice-based signature schemes have been proposed in recent years. However, all of them suffer from huge signature sizes as compared to their classical counterparts. We present a novel and generic construction of a lossless compression algorithm for Schnorr-like signatures utilizing publicly accessible randomness. Conceptually, exploiting public randomness in order to reduce the signature size has never been considered in cryptographic applications. We illustrate the applicability of our compression algorithm using the example of a current state-of-the-art signature scheme due to Gentry et al. (GPV scheme) instantiated with the efficient trapdoor construction from Micciancio and Peikert. This scheme benefits from increasing the main security parameter n, which is positively correlated with the compression rate measuring the amount of storage savings. For instance, GPV signatures admit improvement factors of approximately lg n, implying compression rates of about 65% at a security level of about 100 bits without suffering loss of information or decrease in security, meaning that the original signature can always be recovered from its compressed state. As a further result, we propose a multi-signer compression strategy in case more than one signer agrees to share the same source of public randomness. Such a strategy of bundling compressed signatures together into an aggregate has many advantages over the single signer approach.

    Efficient instantiation of LWE-based public-key encryption and commitment schemes

    Thesis (Ph.D.) -- Seoul National University Graduate School: College of Natural Sciences, Department of Mathematical Sciences, February 2018. Advisor: 천정희 (Jung Hee Cheon).
    The Learning with Errors (LWE) problem has been used as an underlying problem of a variety of cryptographic schemes. It makes it possible to construct advanced solutions like fully homomorphic encryption and multilinear maps as well as basic primitives like key exchange, public-key encryption and signatures. Recently, developments in quantum computing have triggered interest in constructing practical post-quantum cryptographic schemes. In this thesis, we propose efficient post-quantum public-key encryption and commitment schemes based on a variant of LWE, named spLWE. We also suggest related zero-knowledge proofs and LWE-based threshold cryptosystems as an application of the proposed schemes. In order to achieve these results, it is essential to investigate the hardness of the variant LWE problem, spLWE. We describe its theoretical and concrete hardness based on a careful analysis.
    Table of contents:
    1. Introduction
    2. Preliminaries
       2.1 Notations
       2.2 Cryptographic notions
           2.2.1 Key Encapsulation Mechanism
           2.2.2 Commitment Scheme
           2.2.3 Zero-Knowledge Proofs and Sigma-Protocols
       2.3 Lattices
       2.4 Discrete Gaussian Distribution
       2.5 Computational Problems
           2.5.1 SVP
           2.5.2 LWE and Its Variants
       2.6 Known Attacks for LWE
           2.6.1 The Distinguishing Attack
           2.6.2 The Decoding Attack
    3. LWE with Sparse Secret, spLWE
       3.1 History
       3.2 Theoretical Hardness
           3.2.1 A Reduction from LWE to spLWE
       3.3 Concrete Hardness
           3.3.1 Dual Attack (distinguish version)
           3.3.2 Dual Attack (search version)
           3.3.3 Modified Embedding Attack
           3.3.4 Improving Lattice Attacks for spLWE
    4. LWE-based Public-Key Encryptions
       4.1 History
       4.2 spLWE-based Instantiations
           4.2.1 Our Key Encapsulation Mechanism
           4.2.2 Our KEM-Based Encryption Scheme
           4.2.3 Security
           4.2.4 Correctness
       4.3 Implementation
           4.3.1 Parameter Selection
           4.3.2 Implementation Result
    5. LWE-based Commitments and Zero-Knowledge Proofs
       5.1 History
       5.2 spLWE-based Instantiations
           5.2.1 Our spLWE-based Commitments
           5.2.2 Proof for Opening Information
       5.3 Application to LWE-based Threshold Cryptosystems
           5.3.1 Zero-Knowledge Proofs of Knowledge for Threshold Decryption
           5.3.2 Actively Secure Threshold Cryptosystems
    6. Conclusions

    Improvement and Efficient Implementation of a Lattice-based Signature Scheme

    Lattice-based signature schemes constitute an interesting alternative to RSA and discrete logarithm based systems, which may become insecure in the future, for example due to the possibility of quantum attacks. A particularly interesting scheme in this context is the GPV signature scheme [GPV08] combined with the trapdoor construction from Micciancio and Peikert [MP12], as it admits strong security proofs and is believed to be very efficient in practice. This paper confirms this belief, shows how to improve the GPV scheme in terms of space and running time, and presents an implementation of the optimized scheme. A ring variant of this scheme is also introduced which leads to a more efficient construction. Experimental results show that GPV with the new trapdoor construction is competitive with the signature schemes that are currently used in practice.

    Proceedings of the 4th International Students Science Congress

    Online (XIII, 495 pages; 26 cm)