# Improved Lattice-Based Threshold Ring Signature Scheme

@inproceedings{Bettaieb2013ImprovedLT, title={Improved Lattice-Based Threshold Ring Signature Scheme}, author={Slim Bettaieb and Julien Schrek}, booktitle={PQCrypto}, year={2013} }

We present in this paper an improvement of the lattice-based threshold ring signature proposed by Cayrel, Lindner, Ruckert and Silva (CLRS) [LATINCRYPT ’10]. We generalize the same identification scheme CLRS to obtain a more efficient threshold ring signature. The security of our scheme relies on standard lattice problems. The improvement is a significant reduction of the size of the signature. Our result is a t-out-of-N threshold ring signature which can be seen as t different ring signatures…

## 19 Citations

### Lattice-based Threshold Ring Signature with Message Block Sharing

- Computer Science, MathematicsKSII Trans. Internet Inf. Syst.
- 2019

This work presents a lattice-based threshold ring signature scheme, employing the technique of message block sharing proposed by Choi and Kim, and proposed a message processing technique called “pad-then-permute”, to pre-process the message before blocking the message, thus making the threshold ring signatures scheme more flexible.

### An efficient code-based threshold ring signature scheme

- Computer Science, MathematicsJ. Inf. Secur. Appl.
- 2019

### Logarithmic-Size (Linkable) Threshold Ring Signatures in the Plain Model

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2020

This work presents the first construction of a thring signatures that is logarithmic-sized in N, in the plain model, and does not require signers to interact with each other to produce the thring signature.

### A Framework for Efficient Lattice-Based DAA

- Computer Science, MathematicsCYSARM@CCS
- 2019

A quantum-safe lattice-based Direct Anonymous Attestation protocol that can be suitable for inclusion in a future quantum-resistant TPM and is proved in the Universal Composability (UC) model under the assumed hardness of the Ring-SIS, Ring-LWE, and NTRU problems.

### Identity Based Threshold Ring Signature from Lattices

- Computer Science, MathematicsNSS
- 2014

Based on the hardness assumption of gGCDHP, the first ID-based threshold ring signature scheme from lattices is constructed, proved in the random oracle model to be existentially unforgeable and signer anonymous.

### Provably Secure Group Signature Schemes From Code-Based Assumptions

- Computer Science, MathematicsIEEE Transactions on Information Theory
- 2020

A new verifiable encryption protocol for the randomized McEliece encryption and a novel approach to design formal security reductions from the Syndrome Decoding problem are introduced.

### Two-Round n-out-of-n and Multi-Signatures and Trapdoor Commitment from Lattices

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2020

This paper constructs several lattice-based distributed signing protocols with low round complexity following the Fiat–Shamir with Aborts (FSwA) paradigm of Lyubashevsky, and observes that the use of commitment makes it possible to realize secure two-round n -out-of- n distributed signing and multi-signature in the plain public key model, by equipping the commitment with a trapdoor feature.

### An efficient lattice-based threshold signature scheme using multi-stage secret sharing

- Computer ScienceIET Inf. Secur.
- 2021

The authors improve the previously proposed TMSSS scheme, in such a way that less public values are required to publish on the bulletin board which makes the scheme more efficient while preserving the security of the scheme based on the lattice hard problems.

### A SM2 Elliptic Curve Threshold Signature Scheme without a Trusted Center

- Computer ScienceKSII Trans. Internet Inf. Syst.
- 2016

The efficiency analysis shows that if the same secret sharing algorithms are used to design the threshold signature schemes, the SM2 elliptic curve threshold signature scheme will be more efficient than the threshold signatures scheme based on ECDSA.

### Count Me In! Extendability for Threshold Ring Signatures

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2021

Anonymity is a central feature in threshold ring signature applications, such as whistleblowing, e-voting and privacy-preserving cryptocurrencies, and this work formalizes the syntax and provides a mean-ingful security model which includes different flavors of anonymous extendability for ring signatures, same-message linkable ring signatures and threshold ring signatures.

## References

SHOWING 1-10 OF 34 REFERENCES

### A Lattice-Based Threshold Ring Signature Scheme

- Computer Science, MathematicsLATINCRYPT
- 2010

A new lattice-based threshold ring signature scheme is proposed, modifying Aguilar's code-based solution to use the short integer solution (SIS) problem as security assumption, instead of the syndrome decoding (SD) problem, by applying the CLRS identification scheme.

### A New Efficient Threshold Ring Signature Scheme Based on Coding Theory

- Computer Science, MathematicsIEEE Transactions on Information Theory
- 2011

This scheme is existentially unforgeable under a chosen message attack in the random oracle model assuming the hardness of the minimum distance problem, is unconditionally source hiding, has a very short public key and has an overall complexity in O(N).

### A Separable Threshold Ring Signature Scheme

- Computer Science, MathematicsICISC
- 2003

A threshold ring signature scheme (spontaneous anonymous threshold signature scheme) that allows the use of both RSA-based and DL-based public keys at the same time and is existential unforgeable against chosen message attacks in the random oracle model is presented.

### Ring Signature Schemes from Lattice Basis Delegation

- Computer Science, MathematicsICICS
- 2011

The first lattice-based ring signature scheme in the random oracle model is obtained, and this second construction in the standard model achieves in stronger security definitions and shorter signatures than Brakeski-Kalai scheme.

### Provably Secure Code-Based Threshold Ring Signatures

- Computer Science, MathematicsIMACC
- 2009

A security proof is given of the scheme whose security relies -- in both random oracle and ideal cipher models -- on two coding theory problems, making it the first provably secure code-based threshold ring signature scheme.

### Ring Signatures: Stronger Definitions, and Constructions without Random Oracles

- Computer Science, MathematicsJournal of Cryptology
- 2007

This paper proposes new definitions of anonymity and unforgeability which address these threats, and shows the first constructions of ring signature schemes in the standard model that satisfies the strongest definitions of security.

### A Framework for Efficient Signatures, Ring Signatures and Identity Based Encryption in the Standard Model

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2010

This work shows a transformation taking a signature scheme with a very weak security guarantee and producing a fully secure signature scheme, and shows that ring trapdoor functions imply ring signatures under a weak definition, which enables the transformation to achieve full security.

### Concurrently Secure Identification Schemes Based on the Worst-Case Hardness of Lattice Problems

- Mathematics, Computer ScienceASIACRYPT
- 2008

It is shown that two variants of Stern's identification scheme are provably secure against concurrent attack under the assumptions on the worst-case hardness of lattice problems.

### Trapdoors for hard lattices and new cryptographic constructions

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2007

A new notion of trapdoor function with preimage sampling, simple and efficient "hash-and-sign" digital signature schemes, and identity-based encryption are included.

### Improved Zero-Knowledge Identification with Lattices

- Computer Science, MathematicsProvSec
- 2010

This paper adapts a code- -based identification scheme devised by Cayrel, V´eron and El Yousfi, which constitutes an improvement of Stern’s construction and offers a much milder security assumption: namely, the hardness of SIS for trinary solutions.