Abstract
Sakumoto et al. (CRYPTO 2011, LNCS vol. 6841, Springer, Berlin, pp. 706–723) presented a new multivariate identification scheme whose security is based solely on the MQ problem of solving systems of quadratic equations over finite fields. In this paper we extend this scheme to a threshold ring identification and signature scheme. Our scheme is the first multivariate scheme of this type and, more generally, one of the first multivariate signature schemes with special properties. Although we need more rounds to achieve given levels of security, the signatures are at least twice as short as those obtained by other post-quantum (e.g. code-based) constructions. Furthermore, our scheme offers provable security, which is rare in multivariate cryptography.
Notes
To achieve given levels of security, it might be necessary to run the identification scheme several (say \(r\)) times. In this case, the challenge is given as \(Ch={\fancyscript{R}}(m, \mathrm{com}_1, \ldots , \mathrm{com}_M)\) and the signature has the form \(\sigma =(\mathrm{com}_1, \ldots , \mathrm{com}_r, Rsp_1, \ldots , Rsp_r)\).
In practice this is realized by a collision- and pre-image resistant hash function.
In fact, an affine system is called regular if and only if its homogeneous part of highest degree is regular [3]. From this definition one can obtain complexity estimates for affine systems.
For 193 rounds (corresponding to 80-bit security) the length of the hash value must be \(\ge 386\) bits.
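The notes above describe how the identification scheme becomes a signature: \(r\) parallel rounds, commitments realized by a hash, the challenge derived as \(Ch={\fancyscript{R}}(m, \mathrm{com}_1, \ldots , \mathrm{com}_r)\), and two hash bits per round (386 bits for 193 rounds). The following Python program is an added example, not code from the paper or its authors. It applies that transformation to the basic 3-pass MQ identification protocol of Sakumoto et al. (CRYPTO 2011) as recalled from that paper, which this page cites but does not reproduce; the paper's threshold ring extension is not implemented. The field size Q = 31, the dimensions n = m = 8, the coefficient seed, the SHA-256 commitment and the SHAKE-256 challenge derivation are all assumptions chosen for the example, not parameters from the paper.

```python
import hashlib
import secrets
from typing import List, Tuple

# Toy parameters, constructed for illustration only (far below real security).
Q = 31            # prime field F_Q; entries fit in one byte for hashing
N_VARS, N_EQS = 8, 8
ROUNDS = 193      # the note's round count; each round consumes 2 hash bits

def vec_add(a, b): return [(x + y) % Q for x, y in zip(a, b)]
def vec_sub(a, b): return [(x - y) % Q for x, y in zip(a, b)]
def rand_vec(k): return [secrets.randbelow(Q) for _ in range(k)]

class MQSystem:
    """Public system F: F_Q^n -> F_Q^m of m quadratic polynomials without constant
    term, F_k(x) = sum_{i<=j} A[k][i][j]*x_i*x_j + sum_i B[k][i]*x_i.
    Coefficients are expanded from a seed with SHAKE-256 (constructed, assumption)."""
    def __init__(self, n: int, m: int, seed: bytes):
        self.n, self.m = n, m
        st = iter(hashlib.shake_256(seed).digest(m * (n * n + n)))
        self.A = [[[next(st) % Q for _ in range(n)] for _ in range(n)] for _ in range(m)]
        self.B = [[next(st) % Q for _ in range(n)] for _ in range(m)]

    def F(self, x: List[int]) -> List[int]:
        out = []
        for k in range(self.m):
            acc = sum(self.B[k][i] * x[i] for i in range(self.n))
            acc += sum(self.A[k][i][j] * x[i] * x[j]
                       for i in range(self.n) for j in range(i, self.n))
            out.append(acc % Q)
        return out

    def G(self, x, y):
        """Polar form G(x,y) = F(x+y) - F(x) - F(y); bilinear since F has no constant term."""
        return vec_sub(vec_sub(self.F(vec_add(x, y)), self.F(x)), self.F(y))

def com(*parts) -> bytes:
    """Commitment realized by a collision- and preimage-resistant hash, as in the
    note: SHA-256 over a length-prefixed encoding of the committed vectors."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + bytes(p))   # entries are < Q < 256
    return h.digest()

def keygen(mq: MQSystem) -> Tuple[List[int], List[int]]:
    s = rand_vec(mq.n)          # secret solution s
    return s, mq.F(s)           # public image v = F(s)

def prove_commit(mq: MQSystem, s):
    """Commitment phase: split s = r0 + r1, r0 = t0 + t1, F(r0) = e0 + e1."""
    r0, t0, e0 = rand_vec(mq.n), rand_vec(mq.n), rand_vec(mq.m)
    r1, t1, e1 = vec_sub(s, r0), vec_sub(r0, t0), vec_sub(mq.F(r0), e0)
    coms = (com(r1, vec_add(mq.G(t0, r1), e0)), com(t0, e0), com(t1, e1))
    return coms, (r0, r1, t0, t1, e0, e1)

def prove_respond(ch: int, state):
    r0, r1, t0, t1, e0, e1 = state
    return {0: (r0, t1, e1), 1: (r1, t1, e1), 2: (r1, t0, e0)}[ch]

def verify_round(mq: MQSystem, v, coms, ch: int, rsp) -> bool:
    c0, c1, c2 = coms
    if ch == 0:
        r0, t1, e1 = rsp
        return c1 == com(vec_sub(r0, t1), vec_sub(mq.F(r0), e1)) and c2 == com(t1, e1)
    if ch == 1:
        r1, t1, e1 = rsp      # the only branch that ties the round to the public v
        inner = vec_sub(vec_sub(vec_sub(v, mq.F(r1)), mq.G(t1, r1)), e1)
        return c0 == com(r1, inner) and c2 == com(t1, e1)
    r1, t0, e0 = rsp
    return c0 == com(r1, vec_add(mq.G(t0, r1), e0)) and c1 == com(t0, e0)

def challenges(msg: bytes, all_coms, rounds: int) -> List[int]:
    """Ch = R(m, com_1, ..., com_r) with R = SHAKE-256 (assumption). Each round
    needs a challenge in {0,1,2}; two output bits are read per trial and the
    value 3 is rejected, so at least 2*rounds bits are consumed (386 for 193)."""
    h = hashlib.shake_256(msg)
    for coms in all_coms:
        for c in coms:
            h.update(c)
    length = rounds
    while True:               # SHAKE output is prefix-consistent, so a longer
        out = []              # request reproduces the earlier chunks exactly
        for byte in h.digest(length):
            for shift in (6, 4, 2, 0):
                val = (byte >> shift) & 3
                if val != 3:
                    out.append(val)
                    if len(out) == rounds:
                        return out
        length *= 2

def sign(mq: MQSystem, s, msg: bytes, rounds: int = ROUNDS):
    """sigma = (com_1..com_r, Rsp_1..Rsp_r), the Fiat-Shamir form from the note."""
    coms, states = zip(*(prove_commit(mq, s) for _ in range(rounds)))
    chs = challenges(msg, coms, rounds)
    return list(coms), [prove_respond(ch, st) for ch, st in zip(chs, states)]

def verify(mq: MQSystem, v, msg: bytes, sig) -> bool:
    coms, rsps = sig
    if len(coms) != len(rsps):
        return False
    chs = challenges(msg, coms, len(coms))
    return all(verify_round(mq, v, c, ch, r) for c, ch, r in zip(coms, chs, rsps))

def demo() -> Tuple[bool, bool, bool]:
    """(genuine signature accepted, altered message rejected, wrong-secret signature rejected)."""
    mq = MQSystem(N_VARS, N_EQS, b"constructed example seed")
    s, v = keygen(mq)
    sig = sign(mq, s, b"message")
    wrong_s, _ = keygen(mq)
    forged = sign(mq, wrong_s, b"message")
    return (verify(mq, v, b"message", sig),
            not verify(mq, v, b"altered", sig),
            not verify(mq, v, b"message", forged))

if __name__ == "__main__":
    print(demo())
```

A signer who does not know a preimage of \(v\) can still pass challenges 0 and 2 in every round, and only challenge 1 exposes the mismatch; that is why the number of rounds, and therefore the hash length from the last note, grows with the security level. The rejection of the two-bit value 3 is what makes \(2r\) bits a lower bound rather than an exact count.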
References
Aguilar, C., Cayrel, P.L., Gaborit, P., Laguillaumie, F.: A new efficient threshold ring signature scheme based on coding theory. IEEE Trans. Inf. Theory 57(7), 4833–4842 (2011)
Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.): Post-Quantum Cryptography. Springer, Berlin (2009)
Bettale, L., Faugère, J.C., Perret, L.: Hybrid approach for solving multivariate systems over finite fields. J. Math. Cryptol. 177–197 (2009)
Bogdanov, A., Eisenbarth, T., Rupp, A., Wolf, C.: Time-area optimized public-key engines: MQ-cryptosystems as replacement for elliptic curves? In: CHES 2008, LNCS vol. 5154, pp. 45–61. Springer, Berlin (2008)
Bouillaguet, C., Chen, H.-C., Cheng, C.-M., Chou, T., Niederhagen, R., Shamir, A., Yang, B.-Y.: Fast exhaustive search for polynomial systems in \(\mathbb{F}_2\). In: CHES 2010, LNCS vol. 6225, pp. 203–218. Springer, Berlin (2010)
Boyen, X.: Mesh signatures. In: EUROCRYPT 2007, LNCS vol. 4515, pp. 210–227. Springer, Berlin (2007)
Bresson, E., Stern, J., Szydlo, M.: Threshold ring signatures and their application to ad-hoc groups. In: CRYPTO 2002, LNCS vol. 2442, pp. 465–480. Springer, Berlin (2002)
Cayrel, P.L., Lindner, R., Rückert, M., Silva, R.: A lattice-based threshold ring signature scheme. In: LATINCRYPT 2010, LNCS vol. 6212, pp. 255–272. Springer, Berlin (2010)
Chen, A.I.-T., Chen, M.-S., Chen, T.-R., Cheng, C.-M., Ding, J., Kuo, E.L.-H., Lee, F.Y.-S., Yang, B.-Y.: SSE implementation of multivariate PKCs on modern x86 CPUs. In: CHES 2009, LNCS vol. 5747, pp. 33–48. Springer, Berlin (2009)
Ding, J., Gower, J.E., Schmidt, D.: Multivariate Public Key Cryptosystems. Springer, Berlin (2006)
Faugère, J.C.: A new efficient algorithm for computing Gröbner bases without reduction to zero (F5). In: ISSAC 2002, pp. 75–83. ACM Press, New York (2002)
Fiat, A., Shamir, A.: How to prove yourself. In: CRYPTO 1986, LNCS vol. 263, pp. 186–194. Springer, Berlin (1986)
Garey, M.R., Johnson, D.S.: Computers and Intractability: A Guide to the Theory of NP-Completeness. W.H. Freeman, New York (1979)
Kipnis, A., Shamir, A.: Cryptanalysis of the oil and vinegar signature scheme. In: Krawczyk, H. (ed.) CRYPTO 1998, LNCS vol. 1462, pp. 257–266. Springer, Heidelberg (1998)
Liu, J.K., Wei, V.K., Wong, D.S.: A separable threshold ring signature scheme. In: ICISC 2003, LNCS vol. 2971, pp. 352–369. Springer, Berlin (2003)
Nachef, V., Patarin, J., Volte, E.: Zero-knowledge for multivariate polynomials. In: LATINCRYPT 2012, LNCS vol. 7533, pp. 194–213. Springer, Berlin (2012)
Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: EUROCRYPT 1996, LNCS vol. 1070, pp. 387–398. Springer, Berlin (1996)
Sakumoto, K.: Public-key identification schemes based on multivariate cubic polynomials. In: PKC 2012, LNCS vol. 7293, pp. 172–189. Springer, Berlin (2012)
Sakumoto, K., Shirai, T., Hiwatari, H.: Public-key identification schemes based on multivariate quadratic polynomials. In: CRYPTO 2011, LNCS vol. 6841, pp. 706–723. Springer, Berlin (2011)
Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)
Acknowledgments
We thank Pierre-Louis Cayrel and the anonymous referees (both of PKC 2012 and AAECC) for their comments which helped to improve the paper. The first author thanks the Horst Görtz Foundation for financial support.
Cite this article
Petzoldt, A., Bulygin, S. & Buchmann, J. A multivariate based threshold ring signature scheme. AAECC 24, 255–275 (2013). https://doi.org/10.1007/s00200-013-0190-3