DOI: 10.1007/978-3-642-29011-4_43

Lattice signatures without trapdoors

Published: 15 April 2012

Abstract

We provide an alternative method for constructing lattice-based digital signatures which does not use the "hash-and-sign" methodology of Gentry, Peikert, and Vaikuntanathan (STOC 2008). Our resulting signature scheme is secure, in the random oracle model, based on the worst-case hardness of the Õ(n^1.5)-SIVP problem in general lattices. The secret key, public key, and the signature size of our scheme are smaller than in all previous instantiations of the hash-and-sign signature, and our signing algorithm is also quite simple, requiring just a few matrix-vector multiplications and rejection samplings. We then also show that by slightly changing the parameters, one can get even more efficient signatures that are based on the hardness of the Learning With Errors problem. Our construction naturally transfers to the ring setting, where the size of the public and secret keys can be significantly shrunk, which results in the most practical to-date provably secure signature scheme based on lattices.
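The following toy instance is an added illustration of the structure the abstract describes; it is not code from the paper. Keys are a random matrix A and a small secret S with T = AS mod q; signing masks Sc with a random y and rejection-samples so that the released z is independent of S; verification checks that z is short and that H(Az − Tc, μ) = c. Everything numeric here is an assumption chosen for readability (Q, N, M, K, D, KAPPA, B, the SHAKE-256 challenge expansion, and the use of uniform rather than Gaussian masking); none of it is a secure parameter set, and the paper's Gaussian rejection step and real parameters are not reproduced.

```python
"""Toy "Fiat-Shamir with aborts" lattice signature (added example, not the paper's code).

Parameters are assumptions picked so the example runs instantly; they are NOT secure.
This is the simpler uniform-masking variant: enough to show keygen, masked signing
with rejection ("abort"), and verification without any trapdoor basis.
"""
import hashlib
import random

# --- toy parameters (assumed, insecure) ------------------------------------
Q = 8191                 # prime modulus for the public-matrix arithmetic
N, M, K = 8, 24, 32      # A is N x M over Z_Q, S is M x K, challenges c lie in {-1,0,1}^K
D = 1                    # secret-key entries are drawn from [-D, D]
KAPPA = 8                # number of nonzero entries in a challenge c
B = M * KAPPA * D        # masking vector y is uniform in [-B, B]^M (acceptance ~ 1/e)
BOUND = B - KAPPA * D    # a signature's z must satisfy ||z||_inf <= BOUND


def _matvec(mat, vec, mod=None):
    """Matrix-vector product over the integers, reduced mod `mod` when given."""
    out = [sum(a * b for a, b in zip(row, vec)) for row in mat]
    return [x % mod for x in out] if mod else out


def _challenge(w, mu):
    """H(w, mu) -> c in {-1,0,1}^K with exactly KAPPA nonzero +-1 entries.

    SHAKE-256 output is consumed two bytes at a time: position, then sign.
    K divides 256, so the position byte is unbiased; the stream is far longer
    than the handful of draws needed to fill KAPPA distinct positions.
    """
    data = b"chal|" + ",".join(map(str, w)).encode() + b"|" + mu
    stream = hashlib.shake_256(data).digest(128 * KAPPA)
    c, chosen, i = [0] * K, 0, 0
    while chosen < KAPPA:
        idx, sgn = stream[i] % K, (1 if stream[i + 1] & 1 else -1)
        i += 2
        if c[idx] == 0:
            c[idx] = sgn
            chosen += 1
    return c


def keygen(rng=None):
    """Secret S is small; public key is (A, T = A*S mod Q).  Recovering S from
    (A, T) is a (toy-sized) short-solution problem; no trapdoor basis exists."""
    rng = rng or random.SystemRandom()
    A = [[rng.randrange(Q) for _ in range(M)] for _ in range(N)]
    S = [[rng.randint(-D, D) for _ in range(K)] for _ in range(M)]
    T = [[sum(A[i][l] * S[l][j] for l in range(M)) % Q for j in range(K)] for i in range(N)]
    return S, (A, T)


def sign(sk, pk, mu, rng=None):
    """Return ((z, c), attempts).

    z = S*c + y on its own would leak S through its distribution.  For any fixed c,
    each coordinate of S*c is bounded by KAPPA*D, so every z in [-BOUND, BOUND]^M is
    reached by exactly one y whatever S is: rejecting everything outside that box
    makes the accepted z uniform on it and independent of the secret.
    """
    rng = rng or random.SystemRandom()
    A, _ = pk
    attempts = 0
    while True:
        attempts += 1
        y = [rng.randint(-B, B) for _ in range(M)]
        w = _matvec(A, y, Q)                                  # commitment A*y mod Q
        c = _challenge(w, mu)                                 # Fiat-Shamir challenge
        z = [yi + si for yi, si in zip(y, _matvec(sk, c))]    # S*c + y over the integers
        if max(abs(zi) for zi in z) <= BOUND:                 # rejection sampling ("abort")
            return (z, c), attempts


def verify(pk, mu, sig):
    """Accept iff z is short and H(A*z - T*c mod Q, mu) == c.

    Correctness: A*z - T*c = A*(S*c + y) - A*S*c = A*y, the signer's commitment.
    The norm check is where the security lives: without it a forger picks any y',
    sets c = H(A*y', mu) and solves the linear system A*z = A*y' + T*c mod Q for
    an unbounded z by plain linear algebra.
    """
    A, T = pk
    z, c = sig
    if len(z) != M or len(c) != K:
        return False
    if max(abs(zi) for zi in z) > BOUND:
        return False
    if any(ci not in (-1, 0, 1) for ci in c) or sum(map(abs, c)) != KAPPA:
        return False
    w = [(a - t) % Q for a, t in zip(_matvec(A, z, Q), _matvec(T, c, Q))]
    return _challenge(w, mu) == c


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed sample message"           # constructed input, demo only
    sig, tries = sign(sk, pk, msg)
    print("signing attempts:", tries, "valid:", verify(pk, msg, sig))
```

The two failure paths worth exercising are a signature whose z exceeds BOUND (rejected before any hashing, for the reason given in the verify docstring) and a single-coordinate change to an otherwise valid z, which moves A*z − T*c away from the commitment and so changes the recomputed challenge.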

References

[1]
Ajtai, M.: Generating Hard Instances of the Short Basis Problem. In: Wiedermann, J., Van Emde Boas, P., Nielsen, M. (eds.) ICALP 1999. LNCS, vol. 1644, pp. 1-9. Springer, Heidelberg (1999)
[2]
Albrecht, M. R., Farshim, P., Faugère, J.-C., Perret, L.: Polly Cracker, Revisited. In: Lee, D. H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 179-196. Springer, Heidelberg (2011)
[3]
Alwen, J., Peikert, C.: Generating shorter bases for hard random lattices. Theory Comput. Syst. 48(3), 535-553 (2011)
[4]
Applebaum, B., Cash, D., Peikert, C., Sahai, A.: Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 595-618. Springer, Heidelberg (2009)
[5]
Arora, S., Ge, R.: New Algorithms for Learning in Presence of Errors. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011, Part I. LNCS, vol. 6755, pp. 403-415. Springer, Heidelberg (2011)
[6]
Banaszczyk, W.: New bounds in some transference theorems in the geometry of numbers. Mathematische Annalen 296, 625-635 (1993)
[7]
Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: ACM Conference on Computer and Communications Security, pp. 390-399 (2006)
[8]
Boyen, X.: Lattice Mixing and Vanishing Trapdoors: A Framework for Fully Secure Short Signatures and More. In: Nguyen, P. Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 499-517. Springer, Heidelberg (2010)
[9]
Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (standard) LWE. In: FOCS (2011)
[10]
Brakerski, Z., Vaikuntanathan, V.: Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 505-524. Springer, Heidelberg (2011)
[11]
Cash, D., Hofheinz, D., Kiltz, E., Peikert, C.: Bonsai Trees, or How to Delegate a Lattice Basis. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 523-552. Springer, Heidelberg (2010)
[12]
Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A. M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186-194. Springer, Heidelberg (1987)
[13]
Gama, N., Nguyen, P. Q.: Predicting Lattice Reduction. In: Smart, N. P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 31-51. Springer, Heidelberg (2008)
[14]
Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC, pp. 169-178 (2009)
[15]
Gentry, C.: Toward Basing Fully Homomorphic Encryption on Worst-Case Hardness. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 116-137. Springer, Heidelberg (2010)
[16]
Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC, pp. 197-206 (2008)
[17]
Gentry, C., Szydlo, M.: Cryptanalysis of the Revised NTRU Signature Scheme. In: Knudsen, L. R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 299-320. Springer, Heidelberg (2002)
[18]
Goldreich, O., Goldwasser, S., Halevi, S.: Public-Key Cryptosystems from Lattice Reduction Problems. In: Kaliski Jr., B. S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 112-131. Springer, Heidelberg (1997)
[19]
Hoffstein, J., Howgrave-Graham, N., Pipher, J., Silverman, J. H., Whyte, W.: NTRUSIGN: Digital Signatures Using the NTRU Lattice. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 122-140. Springer, Heidelberg (2003)
[20]
Hoffstein, J., Pipher, J., Silverman, J. H.: NTRU: A Ring-Based Public Key Cryptosystem. In: Buhler, J. P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267-288. Springer, Heidelberg (1998)
[21]
Hoffstein, J., Pipher, J., Silverman, J. H.: NSS: An NTRU Lattice-Based Signature Scheme. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 211-228. Springer, Heidelberg (2001)
[22]
Impagliazzo, R., Naor, M.: Efficient cryptographic schemes provably as secure as subset sum. J. Cryptology 9(4), 199-216 (1996)
[23]
Kawachi, A., Tanaka, K., Xagawa, K.: Concurrently Secure Identification Schemes Based on the Worst-Case Hardness of Lattice Problems. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 372-389. Springer, Heidelberg (2008)
[24]
Lindner, R., Peikert, C.: Better Key Sizes (and Attacks) for LWE-Based Encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319-339. Springer, Heidelberg (2011)
[25]
Lyubashevsky, V.: Lattice-Based Identification Schemes Secure Under Active Attacks. In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 162-179. Springer, Heidelberg (2008)
[26]
Lyubashevsky, V.: Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 598-616. Springer, Heidelberg (2009)
[27]
Lyubashevsky, V., Micciancio, D.: Asymptotically Efficient Lattice-Based Digital Signatures. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 37-54. Springer, Heidelberg (2008)
[28]
Lyubashevsky, V., Peikert, C., Regev, O.: On Ideal Lattices and Learning with Errors over Rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1-23. Springer, Heidelberg (2010)
[29]
Micciancio, D., Mol, P.: Pseudorandom Knapsacks and the Sample Complexity of LWE Search-to-Decision Reductions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 465-484. Springer, Heidelberg (2011)
[30]
Micciancio, D., Peikert, C.: Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 700-718. Springer, Heidelberg (2012), Preliminary version, http://eprint.iacr.org/2011/501
[31]
Micciancio, D., Regev, O.: Worst-case to average-case reductions based on gaussian measures. SIAM J. Comput. 37(1), 267-302 (2007)
[32]
Micciancio, D., Regev, O.: Lattice-based cryptography. In: Bernstein, D. J., Buchmann, J., Dahmen, E. (eds.) Chapter in Post-quantum Cryptography, pp. 147-191. Springer, Heidelberg (2008)
[33]
Nguyên, P. Q.: Cryptanalysis of the Goldreich-Goldwasser-Halevi Cryptosystem from Crypto'97. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 288-304. Springer, Heidelberg (1999)
[34]
Nguyen, P. Q., Regev, O.: Learning a parallelepiped: Cryptanalysis of GGH and NTRU signatures. J. Cryptology 22(2), 139-160 (2009)
[35]
Peikert, C.: Public-key cryptosystems from the worst-case shortest vector problem: extended abstract. In: STOC, pp. 333-342 (2009)
[36]
Peikert, C.: An Efficient and Parallel Gaussian Sampler for Lattices. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 80-97. Springer, Heidelberg (2010)
[37]
Peikert, C., Rosen, A.: Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 145-166. Springer, Heidelberg (2006)
[38]
Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptology 13(3), 361-396 (2000)
[39]
Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6) (2009)
[40]
Rückert, M., Schneider, M.: Estimating the security of lattice-based cryptosystems. Cryptology ePrint Archive, Report 2010/137 (2010), http://eprint.iacr.org/
[41]
Stehlé, D., Steinfeld, R.: Making NTRU as Secure as Worst-Case Problems over Ideal Lattices. In: Paterson, K. G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 27-47. Springer, Heidelberg (2011)

Published In

EUROCRYPT'12: Proceedings of the 31st Annual International Conference on Theory and Applications of Cryptographic Techniques
April 2012, 756 pages
ISBN: 9783642290107
Editors: David Pointcheval, Thomas Johansson

Sponsors

Detica, Qualcomm Inc., VISA, Microsoft Research, BAE Systems

Publisher

Springer-Verlag, Berlin, Heidelberg

Cited By

  • VeriSimplePIR. Proceedings of the 33rd USENIX Conference on Security Symposium (2024), pp. 5931-5948. doi:10.5555/3698900.3699232. Online publication date: 14 Aug 2024
  • A lattice-based efficient heterogeneous signcryption scheme for secure network communications. Journal of High Speed Networks 30(1), pp. 19-27 (2024). doi:10.3233/JHS-222020. Online publication date: 1 Jan 2024
  • Optimizing Dilithium Implementation with AVX2/-512. ACM Transactions on Embedded Computing Systems 23(6), pp. 1-30 (2024). doi:10.1145/3687309. Online publication date: 10 Aug 2024
  • Functional Adaptor Signatures: Beyond All-or-Nothing Blockchain-based Payments. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, pp. 1493-1507. doi:10.1145/3658644.3690240. Online publication date: 2 Dec 2024
  • Byzantine Fault-Tolerant Aggregate Signatures. Proceedings of the 19th ACM Asia Conference on Computer and Communications Security (2024), pp. 1831-1843. doi:10.1145/3634737.3657020. Online publication date: 1 Jul 2024
  • Post-Quantum Searchable Encryption Supporting User-Authorization for Outsourced Data Management. Proceedings of the 33rd ACM International Conference on Information and Knowledge Management (2024), pp. 2702-2711. doi:10.1145/3627673.3679522. Online publication date: 21 Oct 2024
  • Analog In-memory Circuit Design of Polynomial Multiplication for Lattice Cipher Acceleration Application. ACM Transactions on Embedded Computing Systems 23(6), pp. 1-24 (2024). doi:10.1145/3605891. Online publication date: 11 Sep 2024
  • A secure hierarchical deterministic wallet with stealth address from lattices. Theoretical Computer Science 1009(C) (2024). doi:10.1016/j.tcs.2024.114672. Online publication date: 12 Sep 2024
  • A new key recovery attack on a code-based signature from the Lyubashevsky framework. Information Processing Letters 183(C) (2024). doi:10.1016/j.ipl.2023.106422. Online publication date: 1 Jan 2024
  • Lattice-Based Zero-Knowledge Proofs in Action: Applications to Electronic Voting. Journal of Cryptology 38(1) (2024). doi:10.1007/s00145-024-09530-5. Online publication date: 26 Nov 2024