# Post-Quantum Zero-Knowledge Proofs for Accumulators with Applications to Ring Signatures from Symmetric-Key Primitives

@inproceedings{Derler2017PostQuantumZP, title={Post-Quantum Zero-Knowledge Proofs for Accumulators with Applications to Ring Signatures from Symmetric-Key Primitives}, author={David Derler and Sebastian Ramacher and Daniel Slamanig}, booktitle={IACR Cryptology ePrint Archive}, year={2017} }

In this paper we address the construction of privacy-friendly cryptographic primitives for the post-quantum era and in particular accumulators with zero-knowledge membership proofs and ring signatures. This is an important topic as it helps to protect the privacy of users in online authentication or emerging technologies such as cryptocurrencies. Recently, we have seen first such constructions, mostly based on assumptions related to codes and lattices. We, however, ask whether it is possible to…

## 39 Citations

### Post-Quantum Group Signatures from Symmetric Primitives Dan

- Computer Science, Mathematics
- 2018

The study of group signature schemes built only from symmetric primitives, such as hash functions and PRFs, widely regarded as the safest primitives for post-quantum security are initiated.

### Towards Practical Lattice-Based One-Time Linkable Ring Signatures

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2018

Ring signatures have recently gained attention due to their applicability in the construction of practical anonymous cryptocurrencies, where they are used to secure transactions while hiding the identity of the actual spender.

### Committing to quantum resistance: a slow defence for Bitcoin against a fast quantum computing attack

- Computer Science, MathematicsRoyal Society Open Science
- 2018

This paper considers the threats a quantum-capable adversary could impose on Bitcoin, which currently uses the Elliptic Curve Digital Signature Algorithm (ECDSA) to sign transactions, and proposes a simple but slow commit–delay–reveal protocol, which allows users to securely move their funds from old (non-quantum-resistant) outputs to those adhering to a Quantum-resistant digital signature scheme.

### Improved Non-Interactive Zero Knowledge with Applications to Post-Quantum Signatures

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2018

This work uses the "MPC-in-the-head" paradigm with MPC protocols in the preprocessing model to construct a signature scheme based only on symmetric-key primitives (and hence with "post-quantum" security); the resulting scheme has shorter signatures than the scheme built using ZKB++ (and comparable signing/verification time), and is even competitive with hash-based signature schemes.

### Towards Practical and Round-Optimal Lattice-Based Threshold and Blind Signatures

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2021

This work improves the state of art lattice-based construction by Hauck et al as follows and improves the round complexity from three to two and reduces the amount of noise flooding from 2 down to √ QS, where QS is the bound on the number of signatures and λ is the security parameter.

### Post-Quantum EPID Group Signatures from Symmetric Primitives

- Computer Science, Mathematics
- 2018

The study of group signature schemes built only from symmetric primitives, such as hash functions and PRFs, widely regarded as the safest primitives for post-quantum security are initiated.

### Efficient Construction of Nominative Signature Secure under Symmetric Key Primitives and Standard Assumptions on Lattice

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2019

This work provides a new construction for nominative signature from standard assumptions on lattice that achieves security under unforgeability, invisibility, impersonation and non-repudiation in existing model and exhibits non-transferability.

### New code-based cryptographic accumulator and fully dynamic group signature

- Computer Science, MathematicsDesigns, Codes and Cryptography
- 2022

The proposed code-based cryptographic accumulator is based on the hardness of the Syndrome Decoding problem and satisfies the collision freeness and indistinguishability requirements, and an implementation of the scheme is given, to the best of the knowledge, the first direct implementation of a post-quantum cryptographic accumulators.

### A Supersingular Isogeny-Based Ring Signature

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2021

A post-quantum sigma protocol for a ring that relies on the supersingular isogeny-based interactive zero-knowledge identiﬁcation scheme proposed by De Feo, Jao, and Plˆut in 2014 is presented.

### Post-quantum EPID Signatures from Symmetric Primitives

- Computer Science, MathematicsCT-RSA
- 2019

This paper begins the study of EPID signature schemes built only from symmetric primitives, such as hash functions and PRFs, and presents two constructions in the random oracle model that achieve significantly shorter signatures than standard post-quantum signatures.

## References

SHOWING 1-10 OF 45 REFERENCES

### Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives

- Computer Science, MathematicsCCS
- 2017

We propose a new class of post-quantum digital signature schemes that: (a) derive their security entirely from the security of symmetric-key primitives, believed to be quantum-secure, and (b) have…

### Digital Signatures from Symmetric-Key Primitives

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2016

One of the schemes is yielding the first practical instantiation of a design paradigm due to Bellare and Goldwasser without relying on structured hardness assumptions, and the whole design spectrum is explored to obtain optimal parameter choices for different settings.

### MiMC: Efficient Encryption and Cryptographic Hashing with Minimal Multiplicative Complexity

- Computer Science, MathematicsASIACRYPT
- 2016

We explore cryptographic primitives with low multiplicative complexity. This is motivated by recent progress in practical applications of secure multi-party computation (MPC), fully homomorphic…

### RingRainbow - An Efficient Multivariate Ring Signature Scheme

- Computer Science, MathematicsAFRICACRYPT
- 2017

This paper proposes a simple and efficient technique to extend arbitrary multivariate signature schemes to ring signature schemes and illustrates it using the example of Rainbow, providing perfect anonymity for the signer, as well as shorter ring signatures than all previously proposed post-quantum ring signatures schemes.

### On the Minimal Assumptions of Group Signature Schemes

- Computer Science, MathematicsICICS
- 2004

This work shows that the construction of secure group signature schemes based solely on the existence of one-way functions is unlikely, in contrast to what is known for standard signature schemes, which can be constructed from any one- way function.

### Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and Group Signatures Without Trapdoors

- Computer Science, MathematicsEUROCRYPT
- 2016

This paper provides an efficient method of proving statements using involved extensions of Stern's protocol to efficiently prove the membership of some element in a zero-knowledge manner, and describes new lattice-based group and ring signatures in the random oracle model.

### Ligero: Lightweight Sublinear Arguments Without a Trusted Setup

- Computer Science, MathematicsCCS
- 2017

A simple zero-knowledge argument protocol for NP whose communication complexity is proportional to the square-root of the verification circuit size, which is attractive not only for very large verification circuits but also for moderately large circuits that arise in applications.

### A New Efficient Threshold Ring Signature Scheme Based on Coding Theory

- Computer Science, MathematicsIEEE Transactions on Information Theory
- 2011

This scheme is existentially unforgeable under a chosen message attack in the random oracle model assuming the hardness of the minimum distance problem, is unconditionally source hiding, has a very short public key and has an overall complexity in O(N).

### Ring Signatures of Sub-linear Size Without Random Oracles

- Computer Science, MathematicsICALP
- 2007

A variation of the ring signature scheme is offered, where the signer is guaranteed anonymity even if the common reference string is maliciously generated, and an additional feature of this scheme is that it has perfect anonymity.

### Efficient Ring Signatures in the Standard Model

- Computer Science, MathematicsASIACRYPT
- 2017

A ring signature scheme allows one party to sign messages on behalf of an arbitrary set of users, called the ring. The anonymity of the scheme guarantees that the signature does not reveal which…