115 research outputs found

    Towards Tightly Secure Short Signature and IBE

    Constructing short signatures with tight security from standard assumptions is a long-standing open problem. We present an adaptively secure, short (and stateless) signature scheme, featuring a constant security loss relative to a conservative hardness assumption, Short Integer Solution (SIS), and the security of a concretely instantiated pseudorandom function (PRF). This gives a class of tightly secure short lattice signature schemes whose security is based on SIS and the underlying assumption of the instantiated PRF. Our signature construction further extends to give a class of tightly and adaptively secure "compact" Identity-Based Encryption (IBE) schemes, reducible with constant security loss from Regev's vanilla Learning With Errors (LWE) hardness assumption and the security of a concretely instantiated PRF. Our approach is a novel combination of a number of techniques, including the Katz and Wang signature, Agrawal et al.'s lattice-based secure IBE, and Boneh et al.'s key-homomorphic encryption. Our results, for the first time, eliminate the dependency between the number of the adversary's queries and the security of short signature/IBE schemes in the context of lattice-based cryptography. They also indicate that tightly secure PRFs (with constant security loss) would imply tightly, adaptively secure short signature and IBE schemes (with constant security loss).

    Practical UC-Secure Zero-Knowledge Smart Contracts

    Zero-knowledge defines that verifier(s) learn nothing but predefined statement(s); e.g., verifiers learn nothing except the program's path for the respective transaction in a zero-knowledge contract program. Intra-Privacy or insiders' zero-knowledge --- the ability to maintain a secret in a multi-party computation --- is an essential security property for smart contracts of Confidential Transactions (CT). Otherwise, the users have to reveal their confidential coin amounts to each other even if it is not a condition of the contract, contradicting the idea of zero-knowledge. For example, in an escrow contract, the escrow should not learn buyers' or sellers' account balances if the escrow has to pay into their accounts. Current private computational platforms, including homomorphic encryption and (ZK-)SNARK, cannot be used in CT's smart contracts because homomorphic encryption requires secret key sharing, and (ZK-)SNARK requires a different setup for each computation which has to be stored on the blockchain. Existing private smart contracts are not intra-private even though they are inter-private --- participants can maintain secrets from verifiers but not from other participants, accordingly. To fill this research gap, we introduce the notion of "Confidential Integer Processing" (CIP) with two intra-private single-setup zero-knowledge programming protocols, (1) "CIP-DLP" from the Discrete Log Problem (DLP) targeting Ring/Aggregable CT like Monero and Mimblewimble, and (2) "CIP-SIS" from the Approximate (Ring-Modular-) Short Integer Solution Problem (Approx-SIS) aiming at lattice-based Ring/Aggregable CT. To the best of our knowledge, our CIP protocols are the first practical public zero-knowledge contract protocols that are also secure under the Universal Composability (UC) framework without any hardware magic or trusted offline computations.

    Adaptively Secure Fully Homomorphic Signatures Based on Lattices

    In a homomorphic signature scheme, given the public key and a vector of signatures $\vec{\sigma} := (\sigma_1, \ldots, \sigma_l)$ over $l$ messages $\vec{\mu} := (\mu_1, \ldots, \mu_l)$, there exists an efficient algorithm to produce a signature $\sigma'$ for $\mu = f(\vec{\mu})$. Given the tuple $(\sigma', \mu, f)$, anyone can then publicly verify the validity of the signature $\sigma'$. Inspired by the recent (selectively secure) key-homomorphic functional encryption for circuits, recent works propose fully homomorphic signature schemes in the selective security model. However, in order to gain adaptive security, one must rely on generic complexity leveraging, which is not only very inefficient but also leads to reductions that are "unfalsifiable". In this paper, we construct the first adaptively secure homomorphic signature scheme that can evaluate any circuit over signed data. For poly-logarithmic depth circuits, our scheme achieves adaptive security under the standard Small Integer Solution (SIS) assumption. For polynomial depth circuits, the security of our scheme relies on sub-exponential SIS --- but unlike complexity leveraging, the security loss in our reduction depends only on circuit depth and on neither message length nor dataset size.

    Blockchain-Free Cryptocurrencies: A Framework for Truly Decentralised Fast Transactions

    The blockchain distributed ledger pioneered by Bitcoin is effective at preventing double-spending, but inherently attracts (1) user cartels and (2) incompressible delays, as a result of linear verification and a winner-takes-all incentive lottery. We propose to forgo the blocks and chain entirely, and build a truly distributed ledger system based on a lean graph of cross-verifying transactions, which now become the main and only objects in the system. A fully distributed consensus mechanism, based on progressive proofs of work with predictable incentives, ensures rapid convergence even across a large network of unequal participants, who all get rewards working at their own pace. Graph-based affirmation fosters snappy response through automatic scaling, while application-agnostic design supports all modern cryptocurrency features such as multiple denominations, swaps, securitisation, scripting, smart contracts, etc. We prove theoretically, and experimentally verify, our proposal to show it achieves a crucial convergence property, meaning that any valid transaction entering the system will quickly become enshrined into the ancestry upon which all future transactions will rest.

    Integrating On-chain and Off-chain Governance for Supply Chain Transparency and Integrity

    Integrating on-chain and off-chain data storage for decentralised and distributed information systems, such as blockchain, presents specific challenges for providing transparency of data governance and ensuring data integrity through stakeholder engagement. Current research on blockchain-based supply chains focuses on using on-chain governance rules developed for cryptocurrency blockchains to store some critical data points without designing tailored on-chain governance mechanisms and disclosing off-chain decision-making processes on data governance. In response to this research gap, this paper presents an integrated data governance framework that coordinates supply chain stakeholders with inter-linked on-chain and off-chain governance to disclose on-chain and off-chain rules and decision-making processes for supply chain transparency and integrity. We present a Proof-of-Concept (PoC) of our integrated data governance approach and suggest future research to strengthen scaling up and supply chain-based use cases based on our learnings. Comment: The 5th Symposium on Distributed Ledger Technolog

    Fuzzy Identity Based Encryption from Lattices

    Cryptosystems based on the hardness of lattice problems have recently acquired much importance due to their average-case to worst-case equivalence, their conjectured resistance to quantum cryptanalysis, their ease of implementation and increasing practicality, and, lately, their promising potential as a platform for constructing advanced functionalities. In this work, we construct "Fuzzy" Identity Based Encryption from the hardness of the standard Learning With Errors (LWE) problem. We give CPA and CCA secure variants of our construction, for small and large universes of attributes. All are secure against selective-identity attacks in the standard model. Our construction is made possible by observing certain special properties that secret sharing schemes need to satisfy in order to be useful for Fuzzy IBE. We discuss why further extensions are not as easy as they may seem. As such, ours is among the first examples of advanced-functionality cryptosystems from lattices that go "beyond IBE".

    Proxy Re-Encryption Schemes with Key Privacy from LWE

    Proxy re-encryption (PRE) is a cryptographic primitive in which a proxy can transform Alice's ciphertexts into ones decryptable by Bob. Key-private PRE specifies an additional level of security, requiring that proxy keys leak no information on the identities of Alice and Bob. In this paper, we build two key-private PRE schemes: (1) we propose a CPA-secure key-private PRE scheme in the standard model, and (2) we then transform it into a CCA-secure scheme in the random oracle model. Both schemes enjoy the following properties: both are uni-directional and the CPA-secure one is a multi-hop scheme. In addition, the security of our schemes is based on the hardness of the standard Learning-With-Errors (LWE) problem, itself reducible from worst-case lattice hard problems that are conjectured immune to quantum cryptanalysis, or "post-quantum". We implement the CPA-secure scheme and point out that, among many applications, it can be sufficiently used for the practical task of key rotation over encrypted data.