Lattice Signatures Without Trapdoors

@inproceedings{Lyubashevsky2011LatticeSW,
  title={Lattice Signatures Without Trapdoors},
  author={Vadim Lyubashevsky},
  booktitle={IACR Cryptol. ePrint Arch.},
  year={2011}
}
  • Vadim Lyubashevsky
  • Published in IACR Cryptol. ePrint Arch. 15 April 2012
  • Computer Science, Mathematics
We provide an alternative method for constructing lattice-based digital signatures which does not use the "hash-and-sign" methodology of Gentry, Peikert, and Vaikuntanathan (STOC 2008). Our resulting signature scheme is secure, in the random oracle model, based on the worst-case hardness of the O(n^1.5)-SIVP problem in general lattices. The secret key, public key, and the signature size of our scheme are smaller than in all previous instantiations of the hash-and-sign signature, and our signing…
Lattice-based Signatures with Tight Adaptive Corruptions and More
TLDR
This work constructs the first tightly secure signature schemes in the multi-user setting with adaptive corruptions from lattices based on the Learning with Errors (LWE) assumption, and formally rules out the possibility that the aforementioned “ID-to-Signature” methodology can work tightly using parallel OR proofs.
Cryptanalysis of a code-based signature scheme without trapdoors
TLDR
An attack is proposed on the recent attempt by Li, Xing and Yeo to produce a code-based signature scheme using the Schnorr-Lyubashevsky approach in the Hamming metric, and the existence of a strong correlation between produced signatures is proved, which ultimately leaks information about the secret key.
Towards Practical and Round-Optimal Lattice-Based Threshold and Blind Signatures
TLDR
This work improves the state-of-the-art lattice-based construction by Hauck et al. as follows: it improves the round complexity from three to two and reduces the amount of noise flooding from 2 down to √Q_S, where Q_S is the bound on the number of signatures and λ is the security parameter.
Short lattice signatures with constant-size public keys
TLDR
This paper proposes a new method for constructing short lattice signatures with constant-size public keys in the standard model, introduces a new hard lattice problem, called variant small integer solution (Variant-SIS), and gives the security reduction from small integer solution to Variant-SIS.
Lattice-based Threshold Signature with Message Block Sharing
TLDR
An interesting tool is introduced to construct k-out-of-N threshold signature schemes, which are protocols that allow any subset of k members among N members to produce a valid signature, while making it impossible to generate a valid signature if fewer than k members are involved in the protocol.
SHORTER HASH-AND-SIGN LATTICE-BASED SIGNATURES
  • Yu Yang
  • Computer Science, Mathematics
  • 2022
TLDR
It is shown that the Gaussian vectors in signatures can be represented in a more compact way with appropriate coding-theoretic techniques, improving signature size by an additional 7 to 14% and reducing the modulus q with respect to which signatures are computed almost “for free”.
Lattice signatures using NTRU on the hardness of worst-case ideal lattice problems
TLDR
The authors propose an alternative lattice-based signature scheme on the Fiat-Shamir framework over the ring Z[x]/(x^n + 1) which is provably secure based on the hardness of the Ring SIS problem in the random oracle model.
Programmable Hash Functions from Lattices: Short Signatures and IBEs with Small Key Sizes
TLDR
Under the Inhomogeneous Small Integer Solution ISIS assumption, it is shown that any non-trivial lattice-based PHF is collision-resistant, which gives a direct application of this new primitive.
TESLA: Tightly-Secure Efficient Signatures from Standard Lattices
TLDR
This work proves the lattice-based signature scheme TESLA to be tightly secure based on the learning with errors problem over lattices in the random-oracle model, and improves the security of the original proposal by Bai and Galbraith twofold: the security reduction is tightened and the underlying security assumptions are minimized.

References

Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures
TLDR
This work demonstrates how the framework that is used for creating efficient number-theoretic ID and signature schemes can be transferred into the setting of lattices and is able to shorten the length of the signatures that are produced by Girault's factoring-based digital signature scheme.
Estimating the Security of Lattice-based Cryptosystems
TLDR
This work provides a framework that distills a hardness estimate out of a given parameter set and relates the complexity of practical lattice-based attacks to symmetric “bit security” for the first time.
Lattice Mixing and Vanishing Trapdoors: A Framework for Fully Secure Short Signatures and More
  • Xavier Boyen
  • Computer Science, Mathematics
    Public Key Cryptography
  • 2010
TLDR
Here the framework for adaptive security from hard random lattices in the standard model is proposed, and fully secure signatures, and also IBE, that are compact, simple, and elegant are obtained.
Trapdoors for hard lattices and new cryptographic constructions
TLDR
A new notion of trapdoor function with preimage sampling, simple and efficient "hash-and-sign" digital signature schemes, and identity-based encryption are included.
Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller
We give new methods for generating and using "strong trapdoors" in cryptographic lattices, which are simultaneously simple, efficient, easy to implement (even in parallel), and asymptotically optimal
Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages
TLDR
A somewhat homomorphic encryption scheme that is both very simple to describe and analyze, and whose security reduces to the worst-case hardness of problems on ideal lattices using the RLWE assumption, which allows us to completely abstract out the lattice interpretation.
Asymptotically Efficient Lattice-Based Digital Signatures
TLDR
The construction is provably secure based on the worst-case hardness of approximating the shortest vector in ideal lattices within a polynomial factor, and asymptotically efficient: the time complexity of the signing and verification algorithms, as well as key and signature size is almost linear in the dimension n of the underlying lattice.
Making NTRU as Secure as Worst-Case Problems over Ideal Lattices
TLDR
This work shows how to modify NTRUEncrypt to make it provably secure in the standard model, under the assumed quantum hardness of standard worst-case lattice problems, restricted to a family of lattices related to some cyclotomic fields.
Multi-signatures in the plain public-Key model and a general forking lemma
TLDR
This work provides a new scheme that is proven secure in the plain public-key model, meaning it requires nothing more than that each signer has a (certified) public key, and is proven secure in the random-oracle model under a standard (not bilinear map related) assumption.
Learning a Parallelepiped: Cryptanalysis of GGH and NTRU Signatures
TLDR
This work proposes an alternative method to attack signature schemes à la GGH by studying the following learning problem: given many random points uniformly distributed over an unknown n-dimensional parallelepiped, recover the parallelepiped or an approximation thereof. It transforms this problem into a multivariate optimization problem that can provably be solved by a gradient descent.