TY - GEN
T1 - Short Lattice Signatures in the Standard Model with Efficient Tag Generation
AU - Kajita, Kaisei
AU - Ogawa, Kazuto
AU - Nuida, Koji
AU - Takagi, Tsuyoshi
N1 - Publisher Copyright:
© 2020, Springer Nature Switzerland AG.
PY - 2020
Y1 - 2020
N2 - We propose new short signature schemes under the ring-SIS assumption in the standard model. Specifically, by revisiting an existing construction in [Ducas and Micciancio, CRYPTO 2014], we demonstrate efficient lattice-based signatures with improved tag generation. We firstly construct a scheme under mild security condition that is existentially unforgeable against random message attack with auxiliary information. We then convert the mildly secure scheme to a fully secure scheme by applying a trapdoor commitment scheme. Our schemes enable the generation of tags from messages and the collision of multiple tags, which improves reduction loss. Our schemes have short signature sizes of O(1) and achieves tighter reduction loss than that of Ducas et al.’s scheme. In accordance with two kinds of parameter set for tag generation, we get two signature schemes with different properties of reduction loss and verification key size. One of our schemes has tighter reduction and as the same size verification key of O(log n) as that of Ducas et al.’s scheme, where n is the security parameter. Another scheme achieves much tighter reduction loss of O(Qn) for the sake of verification size of O(n), where Q is the number of signing queries.
AB - We propose new short signature schemes under the ring-SIS assumption in the standard model. Specifically, by revisiting an existing construction in [Ducas and Micciancio, CRYPTO 2014], we demonstrate efficient lattice-based signatures with improved tag generation. We firstly construct a scheme under mild security condition that is existentially unforgeable against random message attack with auxiliary information. We then convert the mildly secure scheme to a fully secure scheme by applying a trapdoor commitment scheme. Our schemes enable the generation of tags from messages and the collision of multiple tags, which improves reduction loss. Our schemes have short signature sizes of O(1) and achieves tighter reduction loss than that of Ducas et al.’s scheme. In accordance with two kinds of parameter set for tag generation, we get two signature schemes with different properties of reduction loss and verification key size. One of our schemes has tighter reduction and as the same size verification key of O(log n) as that of Ducas et al.’s scheme, where n is the security parameter. Another scheme achieves much tighter reduction loss of O(Qn) for the sake of verification size of O(n), where Q is the number of signing queries.
UR - http://www.scopus.com/inward/record.url?scp=85097397218&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85097397218&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-62576-4_5
DO - 10.1007/978-3-030-62576-4_5
M3 - Conference contribution
AN - SCOPUS:85097397218
SN - 9783030625757
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 85
EP - 102
BT - Provable and Practical Security - 14th International Conference, ProvSec 2020, Proceedings
A2 - Nguyen, Khoa
A2 - Wu, Wenling
A2 - Lam, Kwok Yan
A2 - Wang, Huaxiong
PB - Springer Science and Business Media Deutschland GmbH
T2 - 14th International Conference on Provable Security, ProvSec 2020
Y2 - 29 November 2020 through 1 December 2020
ER -