research-article

Practical, Round-Optimal Lattice-Based Blind Signatures

Authors:

Shweta Agrawal,

Elena Kirshanova,

Damien Stehlé,

Anshu YadavAuthors Info & Claims

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

Pages 39 - 53

https://doi.org/10.1145/3548606.3560650

Published: 07 November 2022 Publication History

Get Access

Abstract

Blind signatures are a fundamental cryptographic primitive with numerous practical applications. While there exist many practical blind signatures from number-theoretic assumptions, the situation is far less satisfactory from post-quantum assumptions. In this work, we provide the first overall practical, lattice-based blind signature, supporting an unbounded number of signature queries and additionally enjoying optimal round complexity. We provide a detailed estimate of parameters achieved -- we obtain a signature of size slightly above 45KB, for a core-SVP hardness of 109 bits. The run-times of the signer, user and verifier are also very small.

Our scheme relies on the Gentry, Peikert and Vaikuntanathan signature [STOC'08] and non-interactive zero-knowledge proofs for linear relations with small unknowns, which are significantly more efficient than their general purpose counterparts. Its security stems from a new and arguably natural assumption which we introduce, called the one-more-ISIS assumption. This assumption can be seen as a lattice analogue of the one-more-RSA assumption by Bellare et al [JoC'03]. To gain confidence in our assumption, we provide a detailed analysis of diverse attack strategies.

Supplementary Material

MP4 File (CCS22-fpb484.mp4)

In this video we talk about our construction of the first overall practical, lattice based blind signature which supports unbounded number of signature queries and is also round-optimal. Our construction is based on digital signature scheme by Gentry, Peikert and Vaikuntanathan [STOC'08] and NIZK proof system for linear statements with small unknowns, which are significantly more efficient than their general-purpose counterparts. The security of our scheme is based on a new assumption that we introduce, called one-more-ISIS. This assumption can be seen as a lattice analogue of the one-more-RSA assumption by Bellare et al [JoC'03], that was introduced to construct efficient round-optimal blind signature in the number theoretic regime. We provide a detailed cryptanalysis of our assumption and an estimate of our parameters in the paper.

Download
38.78 MB

References

[1]

Masayuki Abe. 2001. A secure three-move blind signature scheme for polynomially many signatures. In EUROCRYPT.

Abstract

Supplementary Material

References

Cited By

Index Terms

Recommendations

Practical round-optimal blind signatures without random oracles or non-interactive zero-knowledge proofs

A round-optimal lattice-based blind signature scheme for cloud services

Efficient identity-based signatures and blind signatures

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations