Towards Practical Lattice-Based One-Time Linkable Ring Signatures

Ring signatures, as introduced by Rivest, Shamir, and Tauman (Asiacrypt ’01), allow to generate a signature for a message on be half of an ad-hoc set of parties. To sign a message, only the public keys must be known and these can be generated independently. It is furthermore not possible to identify the actual signer based on the signature. Ring signatures have recently gained attention due to their applicability in the construction of practical anonymous cryptocurrencies, where they are used to secure transactions while hiding the identity of the actual spender. To be applicable in that setting, ring signatures must allow to determine when a party signed multiple transactions, which is done using a property called linkability. This work presents a linkable ring signature scheme constructed from a lattice-based collision-resistant hash function. We follow the idea of existing schemes which are secure based on the hardness of the discrete logarithm problem, but adapt and optimize ours to the lattice setting. In comparison to other designs for (lattice-based) linkable ring signatures, our approach avoids the standard solution for achieving linkability, which involves proofs about correct evaluation of a pseudorandom function using heavy zero-knowledge machinery

Lattice Based Signatures with Additional Functionalities

Digital signatures is a cryptographic protocol that can provide the added assurances of identity, status, proof of origin of an electronic document, and can acknowledge informed consent by the signer. Lattice based assumptions have seen a certain rush in recent years to fulfil the desire to expand the hardness assumption beyond factoring or discrete logarithm problem on which digital signatures can rely. In this article, we cover the recent progress made in digital signatures based on lattice assumptions. The article briefly discusses the working of each signature scheme, then investigates the progress made in recent years and compare them with different aspects of security and efficiency. Besides, it provides some future direction which can be helpful in future work in this area

Revocable Hierarchical Attribute-based Signatures from Lattices

Attribute-based Signatures (ABS) allow users to obtain attributes from issuing authorities, and sign messages whilst simultaneously proving compliance of their attributes with a verification policy. ABS demands that both the signer and the set of attributes used to satisfy a policy remain hidden to the verifier. Hierarchical ABS (HABS) supporting roots of trust and delegation were recently proposed to alleviate scalability issues in centralised ABS schemes. An important yet challenging property for privacy-preserving ABS is revocation, which may be applied to signers or some of the attributes they possess. Existing ABS schemes lack efficient revocation of either signers or their attributes, relying on generic costly proofs.Moreover, in HABS there is a further need to support revocation of authorities on the delegation paths, which is not provided by existing HABS constructions. This paper proposes a direct HABS scheme with a Verifier-Local Revocation (VLR) property. We extend the original HABS security model to address revocation and develop a new attribute delegation technique with appropriate VLR mechanism for HABS, which also implies the first ABS scheme to support VLR. Moreover, our scheme supports inner-product signing policies, offering a wider class of attribute relations than previous HABS schemes, and is the first to be based on lattices, which are thought to offer post-quantum security

Post-Quantum Era Privacy Protection for Intelligent Infrastructures

As we move into a new decade, the global world of Intelligent Infrastructure (II) services integrated into the Internet of Things (IoT) are at the forefront of technological advancements. With billions of connected devices spanning continents through interconnected networks, security and privacy protection techniques for the emerging II services become a paramount concern. In this paper, an up-to-date privacy method mapping and relevant use cases are surveyed for II services. Particularly, we emphasize on post-quantum cryptography techniques that may (or must when quantum computers become a reality) be used in the future through concrete products, pilots, and projects. The topics presented in this paper are of utmost importance as (1) several recent regulations such as Europe's General Data Protection Regulation (GDPR) have given privacy a significant place in digital society, and (2) the increase of IoT/II applications and digital services with growing data collection capabilities are introducing new threats and risks on citizens' privacy. This in-depth survey begins with an overview of security and privacy threats in IoT/IIs. Next, we summarize some selected Privacy-Enhancing Technologies (PETs) suitable for privacy-concerned II services, and then map recent PET schemes based on post-quantum cryptographic primitives which are capable of withstanding quantum computing attacks. This paper also overviews how PETs can be deployed in practical use cases in the scope of IoT/IIs, and maps some current projects, pilots, and products that deal with PETs. A practical case study on the Internet of Vehicles (IoV) is presented to demonstrate how PETs can be applied in reality. Finally, we discuss the main challenges with respect to current PETs and highlight some future directions for developing their post-quantum counterparts

New approaches to privacy preserving signatures

In this thesis we advance the theory and practice of privacy preserving digital signatures. Privacy preserving signatures such as group and ring signatures enable signers to hide in groups of potential signers. We design a cryptographic primitive called signatures with flexible public keys, which allows for modular construction of privacy preserving signatures. Its core is an equivalence relation between verification keys, such that key representatives can be transformed in their class to obscures their origin. The resulting constructions are more efficient than the state of the art, under the same or weaker assumptions. We show an extension of the security model of fully dynamic group signatures, which are those where members may join and leave the group over time. Our contribution here, which is facilitated by the new primitive, is the treatment of membership status as potentially sensitive information. In the theory of ring signatures, we show a construction of ring signatures which is the first in the literature with logarithmic signature size in the size of the ring without any trusted setup or reliance on non-standard assumptions. We show how to extend our techniques to the derived setting of linkable ring signatures, where different signatures of the same origin may be publicly linked. Here, we further revisit the notion of linkable anonymity, offering a significant strengthening compared to previous definitions.Diese Arbeit treibt die Theorie und Praxis der privatsphärewahrenden digitalen Signa- turen voran. Privatsphärewahrende Signaturen, wie Gruppen- oder Ringsignaturen erlauben es Zeichnern sich in einer Gruppe potenzieller Zeichner zu verstecken. Wir entwerfen mit Signatures with Flexible Public Keys einen kryptografischen Baustein zur modularen Konstruktion von privatsphärewahrenden Signaturen. Dessen Kern ist eine Äquivalenzrelation zwischen den Schlüsseln, sodass ein Schlüsselvertreter in seiner Klasse bewegt werden kann, um seinen Ursprung zu verschleiern. Darauf auf- bauende Konstruktionen sind effizienter als der Stand der Technik, unter gleichen oder schwächeren Annahmen. Wir erweitern das Sicherheitsmodell vollständig dynami- scher Gruppensignaturen, die es Mitgliedern erlauben der Gruppe beizutreten oder sie zu verlassen: Durch das neue Primitiv, wird die Behandlung der Mitgliedschaft als potenziell sensibel ermöglicht. In der Theorie der Ringsignaturen geben wir die erste Konstruktion, welche über eine logarithmische Signaturgröße verfügt, ohne auf eine Vorkonfiguration oder unübliche Annahmen vertrauen zu müssen. Wir übertragen unsere Ergebnisse auf das Feld der verknüpfbaren Ringsignaturen, die eine öffentliche Verknüpfung von zeichnergleichen Signaturen ermöglichen. Unsere Neubetrachtung des Begriffs der verknüpfbaren Anonymität führt zu einer signifikanten Stärkung im Vergleich zu früheren Definitionen

On Lattice-Based Signatures with Advanced Functionalities

Lattice-based cryptography is a prominent class of cryptographic systems that has been emerged as one of the main candidates replacing classical cryptography in future computing environments such as quantum computing. Quantum computers exploit quantum mechanical phenomena to solve computational problems, on which the security of currently deployed (classical) cryptographic systems is based. While these computational problems, e.g., factoring integers and computing discrete logarithms, are intractable for conventional (classical) computers, it is meanwhile known that they can be easily solved on quantum computers (Shor 1997). However, lattice problems, such as finding short non-zero vectors, seem to withstand attacks having quantum computing power. In the last two decades we have seen many cryptographic proposals based on lattices. In particular, lattice-based (ordinary) signature schemes were greatly improved with respect to efficiency and security. This can be observed from the post-quantum standardization process initiated by the National Institute of Standards and Technology (NIST). In fact, from the five signature schemes that have been submitted to this process, there are currently three finalists, where two of them are lattice-based submissions. In this thesis, we are specifically interested in lattice-based signature schemes with advanced functionalities. In addition to the basic security goals that an ordinary signature scheme ensures, i.e., authentication, non-repudiation, and integrity, these schemes provide features that are application-specific. While ordinary signature schemes based on lattices are ready to be deployed in practice, this statement cannot be made for lattice-based signature schemes with advanced functionalities. This thesis makes a significant progress towards deploying the aforementioned type of signature schemes in practice. With focus on privacy-preserving applications in future computing environments, we particularly facilitate the protection of secret keys in cryptocurrencies such as Bitcoin and Ethereum. We provide practical solutions to anonymous e-cash, anonymous credentials, smart contracts, and e-voting. We believe that our techniques can be used to develop further advanced signature schemes to be deployed in other application scenarios. For instance, in information security systems that perform critical operations such as distributed key generation, anonymization of medical data, and updating reliable routing information