TY - JOUR
T1 - Tighter reduction for lattice-based multisignature
AU - Fukumitsu, Masayuki
AU - Hasegawa, Shingo
N1 - Funding Information:
We would like to thank anonymous reviewers for their valuable comments and suggestions. We are also grateful to Akira Takahashi for his fruitful comments on the security proof. This work was supported in part by JSPS KAKENHI Grant Numbers JP18K11288 and JP19K20272.
Publisher Copyright:
Copyright © 2021 The Institute of Electronics, Information and Communication Engineers
PY - 2021
Y1 - 2021
N2 - Multisignatures enable multiple users to sign a message interactively. Many instantiations have been proposed for multisignatures; however, most of them are quantum-insecure because they are based on the integer factoring assumption or the discrete logarithm assumption. Although there exist some constructions based on lattice problems, which are believed to be quantum-secure, their security reductions are loose. In this paper, we aim to improve the security reduction of lattice-based multisignature schemes concerning tightness. Our basic strategy is to combine the multisignature scheme proposed by El Bansarkhani and Sturm with the lattice-based signature scheme by Abdalla, Fouque, Lyubashevsky, and Tibouchi, which has a tight security reduction from the Ring-LWE (Ring Learning with Errors) assumption. Our result shows that proof techniques for standard signature schemes can be applied to multisignature schemes, and thus we can improve the polynomial loss factor concerning the Ring-LWE assumption. Our second result addresses the problem in the security proofs of existing lattice-based multisignature schemes pointed out by Damgård, Orlandi, Takahashi, and Tibouchi. We employ a new cryptographic assumption, called the Rejected-Ring-LWE assumption, to complete the security proof.
AB - Multisignatures enable multiple users to sign a message interactively. Many instantiations have been proposed for multisignatures; however, most of them are quantum-insecure because they are based on the integer factoring assumption or the discrete logarithm assumption. Although there exist some constructions based on lattice problems, which are believed to be quantum-secure, their security reductions are loose. In this paper, we aim to improve the security reduction of lattice-based multisignature schemes concerning tightness. Our basic strategy is to combine the multisignature scheme proposed by El Bansarkhani and Sturm with the lattice-based signature scheme by Abdalla, Fouque, Lyubashevsky, and Tibouchi, which has a tight security reduction from the Ring-LWE (Ring Learning with Errors) assumption. Our result shows that proof techniques for standard signature schemes can be applied to multisignature schemes, and thus we can improve the polynomial loss factor concerning the Ring-LWE assumption. Our second result addresses the problem in the security proofs of existing lattice-based multisignature schemes pointed out by Damgård, Orlandi, Takahashi, and Tibouchi. We employ a new cryptographic assumption, called the Rejected-Ring-LWE assumption, to complete the security proof.
KW - Lattice cryptography
KW - Multisignature
KW - Ring-LWE
KW - Tight security
UR - http://www.scopus.com/inward/record.url?scp=85120967637&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85120967637&partnerID=8YFLogxK
U2 - 10.1587/transfun.2020EAP1131
DO - 10.1587/transfun.2020EAP1131
M3 - Article
AN - SCOPUS:85120967637
SN - 0916-8508
VL - E104A
SP - 1685
EP - 1697
JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
IS - 12
ER -