# A Lattice-Based Threshold Ring Signature Scheme

@inproceedings{Cayrel2010ALT, title={A Lattice-Based Threshold Ring Signature Scheme}, author={Pierre-Louis Cayrel and Richard Lindner and Markus R{\"u}ckert and Rosemberg Silva}, booktitle={International Conference on Cryptology and Information Security in Latin America}, year={2010} }

In this article, we propose a new lattice-based threshold ring signature scheme, modifying Aguilar's code-based solution to use the short integer solution (SIS) problem as security assumption, instead of the syndrome decoding (SD) problem. By applying the CLRS identification scheme, we are also able to have a performance gain as result of the reduction in the soundness error to 1/2 per round. Such gain is also maintained through the application of the Fiat-Shamir heuristics to derive signatures…

## 59 Citations

### Improved Lattice-Based Threshold Ring Signature Scheme

- Computer Science, MathematicsPQCrypto
- 2013

The ring signature induced by the particular case of only one signer is described and to the best of the knowledge, the resulted signatures are the most efficient lattice-based ring signature and threshold signature.

### An Improved Threshold Ring Signature Scheme Based on Error Correcting Codes

- Computer ScienceWAIFI
- 2012

A novel threshold ring signature scheme built on the q-SD identification scheme recently proposed by Cayrel et al. is constructed, which is the first efficient implementation of this type of code-based schemes.

### A multivariate based threshold ring signature scheme

- Computer Science, MathematicsApplicable Algebra in Engineering, Communication and Computing
- 2013

This paper extends a new multivariate identification scheme, whose security is based solely on the MQ-Problem of solving systems of quadratic equations over finite fields, to a threshold ring identification and signature scheme, which is the first multivariate scheme of this type and generally one of thefirst multivariate signature schemes with special properties.

### Lattice-based Threshold Signature with Message Block Sharing

- Computer Science, Mathematics
- 2014

An interesting tool is introduced to construct the k-out-of-N threshold signature schemes, which are a protocol that approves any subset of k members among N members to produce a valid signature, but it is impossible to generate a valid signatures in case fewer thank members are involved in the protocol.

### A New Multivariate Based Threshold Ring Signature Scheme

- Computer Science, MathematicsNSS
- 2014

In CRYPTO 2011, Sakumoto et al. presented a 3-pass identification protocol whose security is solely based on the MQ problem. This identification protocol was extended to a threshold ring signature…

### A Lattice-Based Universal Thresholdizer for Cryptographic Systems

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2017

This work shows how to add threshold functionality to CCA-secure public-key encryption (PKE), signature schemes, pseudorandom functions, and others primitives, using a general tool, called a universal thresholdizer, from which many threshold systems are possible.

### An efficient code-based threshold ring signature scheme

- Computer Science, MathematicsJ. Inf. Secur. Appl.
- 2019

### RingRainbow - An Efficient Multivariate Ring Signature Scheme

- Computer Science, MathematicsAFRICACRYPT
- 2017

This paper proposes a simple and efficient technique to extend arbitrary multivariate signature schemes to ring signature schemes and illustrates it using the example of Rainbow, providing perfect anonymity for the signer, as well as shorter ring signatures than all previously proposed post-quantum ring signatures schemes.

### Anonymous Post-Quantum Cryptocash ? ( Full Version )

- Computer Science, Mathematics
- 2018

By adopting the short quantum-resistant linkable ring signature scheme, this system is anonymous and efficient, and the privacy of users is protected, even though their transactions are recorded in the public ledger.

### Anonymous Post-Quantum Cryptocash

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2017

The privacy of users is protected, even though their transactions are recorded in the public ledger, by adopting the short quantum-resistant linkable ring signature scheme, which is anonymous and efficient.

## References

SHOWING 1-10 OF 43 REFERENCES

### A New Efficient Threshold Ring Signature Scheme Based on Coding Theory

- Computer Science, MathematicsIEEE Transactions on Information Theory
- 2011

This scheme is existentially unforgeable under a chosen message attack in the random oracle model assuming the hardness of the minimum distance problem, is unconditionally source hiding, has a very short public key and has an overall complexity in O(N).

### Lattice-Based Identification Schemes Secure Under Active Attacks

- Computer Science, MathematicsPublic Key Cryptography
- 2008

This work constructs a 3-move identification scheme whose security is based on the worst-case hardness of the shortest vector problem in all lattices, and also presents a more efficient versionbased on the hardness ofthe same problem in ideal lattices.

### Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures

- Computer Science, MathematicsASIACRYPT
- 2009

This work demonstrates how the framework that is used for creating efficient number-theoretic ID and signature schemes can be transferred into the setting of lattices and is able to shorten the length of the signatures that are produced by Girault's factoring-based digital signature scheme.

### How to Achieve a McEliece-Based Digital Signature Scheme

- Computer ScienceASIACRYPT
- 2001

This paper disproves the belief that code-based cryptosystems like McEliece do not allow practical digital signatures, and shows a way to build a practical signature scheme based on coding theory.

### Provably Secure Code-Based Threshold Ring Signatures

- Computer Science, MathematicsIMACC
- 2009

A security proof is given of the scheme whose security relies -- in both random oracle and ideal cipher models -- on two coding theory problems, making it the first provably secure code-based threshold ring signature scheme.

### A New Identification Scheme Based on Syndrome Decoding

- Computer Science, MathematicsCRYPTO
- 1993

This paper proposes a new identification scheme, based on error-correcting codes, which is zero-knowledge and is of practical value, and describes several variants, including one which has an identity based character.

### Improved code-based identification scheme

- Computer ScienceArXiv
- 2010

This work revisits the 3-pass code-based identification scheme proposed by Stern at Crypto'93, and gives a new 5-pass protocol for which the probability of the cheater is 1/2 and proposes to use quasi-cyclic construction in order to dramatically reduce the size of the public key.

### Improved Zero-Knowledge Identification with Lattices

- Computer Science, MathematicsProvSec
- 2010

This paper adapts a code- -based identification scheme devised by Cayrel, V´eron and El Yousfi, which constitutes an improvement of Stern’s construction and offers a much milder security assumption: namely, the hardness of SIS for trinary solutions.

### A Framework for Efficient Signatures, Ring Signatures and Identity Based Encryption in the Standard Model

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2010

This work shows a transformation taking a signature scheme with a very weak security guarantee and producing a fully secure signature scheme, and shows that ring trapdoor functions imply ring signatures under a weak definition, which enables the transformation to achieve full security.

### Concurrently Secure Identification Schemes Based on the Worst-Case Hardness of Lattice Problems

- Mathematics, Computer ScienceASIACRYPT
- 2008

It is shown that two variants of Stern's identification scheme are provably secure against concurrent attack under the assumptions on the worst-case hardness of lattice problems.