Abstract. We present an improved lattice-based group signature scheme whose parameter sizes and running times are independent of the group size. The signature length in our scheme is around 200KB, which is approximately a 3X reduction over the previously most compact such scheme, based on any quantum-safe assumption, of del Pino et al. (ACM CCS 2018)...
Abstract. We present a quantumly secure identity-based signature scheme based on the standard short integer solution problem, featuring tight security reductions in the quantum and classic random oracle models. The scheme has short signatures. Each signature contains a single lattice vector plus a single bit. Compared to the existing tightly sec...
Abstract. This paper introduces Bicameral and Auditably Private Signatures (BAPS) – a new privacy-preserving signature system with several novel features. In a BAPS system, given a certified attribute x and a certified policy P, a signer can issue a publicly verifiable signature Σ on a message m as long as (m, x) satisfies P. A noteworthy characteristi...
Abstract—We introduce MatRiCT+, a practical private blockchain payment protocol based on “post-quantum” lattice assumptions. MatRiCT+ builds on MatRiCT due to Esgin et al. (ACM CCS’19) and, in general, follows the Ring Confidential Transactions (RingCT) approach used in Monero, the largest privacy-preserving cryptocurrency. In terms of th...
Abstract—A threshold signature scheme distributes the ability to generate signatures through distributed key generation and signing protocols. A threshold signature scheme should be functionally interchangeable, meaning that a signature produced by a threshold scheme should be verifiable by the same algorithm used for non-threshold signat...
Abstract. We propose a very fast lattice-based zero-knowledge proof system for exactly proving knowledge of a ternary solution $s \in \{-1, 0, 1\}^n$ to a linear equation $As = u$ over $\mathbb{Z}_q$, which improves upon the protocol by Bootle, Lyubashevsky and Seiler (CRYPTO 2019) by producing proofs that are shorter by a factor of 8. At the core lies a technique that utiliz...
Abstract. We construct a practical lattice-based zero-knowledge argument for proving multiplicative relations between committed values. The underlying commitment scheme that we use is the currently most efficient one of Baum et al. (SCN 2018), and the size of our multiplicative proof (9KB) is only slightly larger than the 7KB required for just pro...
Lattice-based cryptography is evolving rapidly and is often employed to design cryptographic primitives that hold a great promise to be post-quantum resistant and can be employed in multiple application settings such as: e-cash, unique digital signatures, non-interactive lottery and others. In such application scenarios, a user is often required...
We introduce the notion of hybrid trapdoor commitment schemes. Intuitively a hybrid trapdoor commitment scheme is a primitive which can be either an unconditionally binding commitment scheme or a trapdoor commitment scheme depending on the distribution of commitment parameters. Moreover, such two possible distributions are computationally ind...
Abstract—The ultimate goal in modern secure e-voting is to enable everyone to verify whether the final election result correctly reflects the votes chosen by the (human) voters, without exposing how each individual voted. These fundamental security properties are called end-to-end verifiability and voter privacy. Unfortunately, it turns out...
Abstract. We give a construction of an efficient one-out-of-many proof system, in which a prover shows that he knows the pre-image for one element in a set, based on the hardness of lattice problems. The construction employs the recent zero-knowledge framework of Lyubashevsky et al. (Crypto 2022) together with an improved, over prior lattice-based ...
Abstract. In this work, we construct the first digital signature (SIG) and public-key encryption (PKE) schemes with almost tight multi-user security under adaptive corruptions based on the learning-with-errors (LWE) assumption in the standard model. Our PKE scheme achieves almost tight IND-CCA security and our SIG scheme achieves almost tight ...
Abstract. In this paper, we consider tight multi-user security under adaptive corruptions, where the adversary can adaptively corrupt some users and obtain their secret keys. We propose generic constructions for a bunch of primitives, and the instantiations from the matrix decisional Diffie-Hellman (MDDH) assumptions yield the following sche...
ABSTRACT Cryptographic voting protocols have recently seen much interest from practitioners due to their (planned) use in countries such as Estonia, Switzerland, France, and Australia. Practical protocols usually rely on tested designs such as the mixing-and-decryption paradigm. There, multiple servers verifiably shuffle encrypted ballots...
In a group signature scheme, users can anonymously sign messages on behalf of the group they belong to, yet it is possible to trace the signer when needed. Since the first proposal of lattice-based group signatures in the random oracle model by Gordon, Katz, and Vaikuntanathan (ASIACRYPT 2010), the realization of them in the standard model from lattices...
Abstract—We consider the problem of increasing the threshold parameter of a secret-sharing scheme after the setup (share distribution) phase, without further communication between the dealer and the shareholders. Previous solutions to this problem require one to start off with a nonstandard scheme designed specifically for this purpose, or to...