International Association for Cryptologic Research (IACR)
Abstract
An isomorphism problem asks whether two combinatorial or algebraic structures are essentially the same. Based on the assumed hardness of an isomorphism problem, there is a well-known digital signature design based on the Goldreich-Micali-Wigderson (GMW) zero-knowledge protocol for graph isomorphism and the Fiat-Shamir (FS) transformation. Recently, there has been a revival of activity around this design, as witnessed by the schemes SeaSign (Eurocrypt 2019), CSI-FiSh (Asiacrypt 2019), LESS (Africacrypt 2020), ATFE (Eurocrypt 2022), and MEDS (Africacrypt 2023).
The contributions of this paper are twofold: the first concerns the GMW-FS design in general, and the second concerns the ATFE-GMW-FS scheme.
First, we study the QROM security and ring signatures of the GMW-FS design in the group action framework. We distil properties of the underlying isomorphism problem for the GMW-FS design to be secure in the quantum random oracle model (QROM). We also show that this design supports a linkable ring signature construction following the work of Beullens, Katsumata and Pintore (Asiacrypt 2020).
Second, we apply the above results to prove the security of the ATFE-GMW-FS scheme in the QROM. We then describe a linkable ring signature scheme based on it, and provide an implementation of the ring signature scheme. Preliminary experiments suggest that our scheme is competitive among existing post-quantum ring signatures. We also discuss the parameter choices of the ATFE-GMW-FS scheme in light of the recent attack by Beullens (Cryptology ePrint Archive, Paper 2022/1528), and the MPC-in-the-head construction for general group actions by Joux (Cryptology ePrint Archive, Paper 2023/664).
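The GMW-FS design in the group action framework, as an added example written for this page rather than code from the paper: a toy Python instantiation of the sigma protocol (commit r * g1, then open r or r o s depending on the challenge bit) made non-interactive with the Fiat-Shamir transform. Permutations acting on graphs stand in for the paper's ATFE action, and the sample graph G0, the round count t and SHA-256 as the random oracle are assumptions of this example.

```python
import hashlib
import secrets

# Added example, not the paper's code: the GMW sigma protocol for a group action
# made non-interactive with Fiat-Shamir, instantiated on the toy action of
# permutations on graphs (edge sets); any compatible (act, compose) pair works.

def act(p, graph):
    """Apply permutation p (a tuple) to an undirected graph given as an edge set."""
    return frozenset((min(p[u], p[v]), max(p[u], p[v])) for u, v in graph)
def compose(p, q):
    """(p o q)[i] = p[q[i]], so act(p, act(q, X)) == act(compose(p, q), X)."""
    return tuple(p[q[i]] for i in range(len(p)))
def random_perm(n):
    """Uniform permutation of range(n) from the OS CSPRNG (Fisher-Yates)."""
    a = list(range(n))
    for i in range(n - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        a[i], a[j] = a[j], a[i]
    return tuple(a)
def keygen(n, g0):
    """Secret key: a group element s; public key: the set element g1 = s * g0."""
    s = random_perm(n)
    return s, act(s, g0)
def _bits(digest, t):
    return [(digest[i // 8] >> (i % 8)) & 1 for i in range(t)]
def _challenge(g0, g1, commits, msg):
    """Fiat-Shamir: hash the statement (g0, g1), all commitments and the message."""
    h = hashlib.sha256()
    for g in (g0, g1, *commits):
        h.update(repr(sorted(g)).encode())
    h.update(msg)
    return h.digest()
def sign(s, g0, g1, msg, t=128):
    """t parallel GMW rounds (t <= 256): commit r * g1, open r (b=0) or r o s (b=1)."""
    rs = [random_perm(len(s)) for _ in range(t)]
    commits = [act(r, g1) for r in rs]
    digest = _challenge(g0, g1, commits, msg)
    responses = [r if b == 0 else compose(r, s) for r, b in zip(rs, _bits(digest, t))]
    return digest, responses
def verify(g0, g1, msg, sig):
    """Rebuild each commitment from its response, then recompute the challenge."""
    digest, responses = sig
    bits = _bits(digest, len(responses))
    # A b=0 response carries g1 to the commitment; a b=1 response carries g0 to it.
    commits = [act(r, g1 if b == 0 else g0) for r, b in zip(responses, bits)]
    return _challenge(g0, g1, commits, msg) == digest

# Constructed sample instance: an asymmetric 6-vertex graph (trivial automorphism group).
G0 = frozenset({(0, 1), (0, 2), (1, 2), (0, 3), (1, 4), (4, 5)})
```

Each round has soundness error 1/2, which is why t rounds are needed; the signature carries only the challenge digest and the t responses, since the verifier can rebuild every commitment from its response.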