Peer-Review Record

Threshold Lattice-Based Signature Scheme for Authentication by Wearable Devices

Cryptography 2023, 7(3), 33; https://doi.org/10.3390/cryptography7030033
by Anton Leevik 1,*, Vadim Davydov 1 and Sergey Bezzateev 2
Submission received: 4 May 2023 / Revised: 22 June 2023 / Accepted: 28 June 2023 / Published: 4 July 2023

Round 1

Reviewer 1 Report

The paper presents a threshold lattice-based signature scheme for authentication by wearable devices. It presents a new and interesting proposal related to post-quantum cryptography. Currently, the NIST is in the process of standardizing one or more quantum-resistant public-key cryptographic algorithms. So, this study is up to date.

From my point of view, the most important weakness is related to the relationship between the title and the contents. The paper does not include anything related to wearable devices. As is well known, these devices have several constraints, which is why lightweight cryptography (LWC) is proposed to provide security. However, this study does not include anything about LWC. In fact, nothing is included about wearables inside the paper.

On the other hand, when describing the LWE problem, it would be interesting to mention that Regev proved that the LWE problem reduces to the Gap-SVP problem [1]. 

[1] Oded Regev. On lattices, learning with errors, random linear codes, and cryptography. J. ACM, 56(6), sep 2009.

Author Response

Good afternoon, thank you for your review. We were able to improve the article according to your comments.
In accordance with your comments, we have added more mentions of wearable devices in the introduction, as well as reviewed existing LWC solutions. We also added a mention of Regev's work to the text of the article.

Reviewer 2 Report

The authors have proposed a threshold signature scheme extending the Damgaard scheme using wearable devices. But they need to consider some of the challenges which can impact the novelty of the proposed scheme, which are mentioned as follows:

1) The authors have improved the Damgaard scheme in their proposed scheme using wearable devices, as mentioned in the title of the manuscript. Then, the authors should discuss the Damgaard scheme in the introduction section in detail and its associated disadvantages which motivate them for the proposed scheme. Moreover, they should focus on discussing the research works utilizing Damgaard and their limitations.

2) There is no literature review analysis performed for the proposed section to show its advantages over the existing literature. Moreover, the main motivation and goal of the proposed scheme should be focused by comparing the literature with the proposed scheme considering various parameters to show the benefits of the proposed scheme.

3) In section 2, the equations are not formulated concisely, which makes them difficult to understand. For instance, the relationship between equations 11 and 12 is not clear to get insights into the secret sharing scheme. The authors should improve the explanation of the equations related to the secret sharing.

4) The proposed scheme works on the principle of threshold signature for ensuring the security in the system. However, malicious attackers can easily forge the confidential data, making the system susceptible to various privacy and trust issues. Then, how are the authors going to handle the data security issues that can deteriorate the performance of the proposed scheme? Moreover, they should consider some security tool to show that if their system is secure to that extent or not.

5) There are no experimental results or simulations performed for the proposed scheme. How are the authors tackling the communication overhead and scalability issues of the proposed scheme? They have not considered any aspect that can impact the performance of the system. Without any experimental results, there is no novelty in the proposed scheme. Justify.

6) In conclusion, the authors have specified the advantages of the proposed scheme, such as scalability and resistance to attacks, which are not discussed in the paper. Then, what is the reason for specifying such a statement without any novelty? Moreover, they should prove the feasibility of the proposed scheme with large signatures.

Spell checks and active/passive sentences need to be looked at in the entire manuscript.

Author Response

Good afternoon, thank you for your detailed review. We were able to improve the article according to your comments.
1) Based on your comment, we have added more descriptions of Damgaard's work to the introduction section.
2) In the introduction section, we added more descriptions of previously developed schemes, and also in the discussion section, we added a comparison table of quantitative indicators of our scheme in comparison with previously developed lattice-based threshold signature schemes.
3) In section 2, we added more comments to the formulas to better explain their meaning.
4) We have added a new section dedicated to the security of the scheme, where we have given a theoretical proof of security.
5) In the discussion section, we have added a table illustrating the operating time of the scheme algorithms at different security levels, as well as a comparative table with other schemes to emphasize the effectiveness of the developed scheme in comparison with other post-quantum schemes.
6) Since we have shown the efficiency of the scheme in comparison with its post-quantum analogues, and also proved its security, we can assert the security and scalability properties of the developed scheme.

Round 2

Reviewer 1 Report

The paper could be published after correcting some typos:

- Lightweight cryptography should be written in the same way. Sometimes authors write light-weight cryptography.

- Line 26: a missing space in “(MAC).However”

- Line 145: there is an extra space in “Formally , it”

- Line 481: FFT must be defined before it appears in the paper. The same for ECDSA (line 504)

Author Response

Good afternoon, thank you for your valuable comments, thanks to them the article has become much better and clearer. We have corrected the article based on your previous comments, namely, corrected typos and defined abbreviations.

Reviewer 2 Report

I am not able to locate any changes in the revised manuscript. The authors have not changed the color of the text that they have changed.

Also in the response sheet, the authors have taken it very lightly. Not prepared the response sheet with proper justification and page numbers.

Update it one more time as per the last given comments.

NA

Author Response

Good afternoon, thank you very much for your valuable comments, thanks to them the article has become more readable and understandable. We have highlighted the corrected and added text, and we also present you the answers to your comments in your review.


1) We have added more descriptions about Damgaard's work (lines 124-134).


2) In the introduction, previously developed threshold lattice-based signature schemes were considered in more detail (lines 91-115). Also, quantitative indicators of stored and transmitted data were calculated for these schemes, and a comparison was made with the developed scheme (Table 3 page 13, lines 514-519).


3) In section 2, we added more comments to the formulas to better explain their meaning (lines 220-222).


4) To prove the security of the scheme, a new section was added (lines 359-476), which provides a theoretical proof of the security of the scheme for the UF-CMA model (lines 373-467). Additionally, the methods of protecting the system from attacks on lattices were also mentioned (lines 468-476).


5) In the discussion section, we have added a table illustrating the operating time of the scheme algorithms at different security levels (Table 1, page 12). Based on the results obtained from the table, we can talk about the high speed of the algorithms, even when working at a high level of security. A comparative table with the classical ECDSA threshold scheme was also presented (table 2, page 13), and a general comparative table of threshold signature schemes on lattices (table 3, page 13). Based on Table 3, taking into account the operating time of the algorithm from Table 1, it can be argued that the developed scheme is the best scheme among analogues in terms of the characteristics under consideration.


6) The calculation of the quantitative indicators of the scheme (table 2, table 3, page 13), the time of its operation (table 1, page 12), as well as the theoretical proof of the security of the scheme (pages 10-12) allow us to conclude that the developed scheme represents a scientific novelty.

The text of the article with the marked sections is in the attached file.

Author Response File: Author Response.pdf

Round 3

Reviewer 2 Report

Explanation of Tables 1 and 3 is missing.

Add it in a more detailed form.

Author Response

Good afternoon, thank you very much for your interested attitude to the topic of work and attentive and friendly reading of our article and for your valuable comments, thanks to them our article has become much better than it was at the beginning. In accordance with your recent recommendations, we have expanded the description of Table 1, in particular, added a mention of the parameters recommended by NIST (lines 480-492). We also expanded the description of Table 3, namely, described in more detail the differences between the proposed scheme and previously developed lattice-based schemes (lines 506 - 521). We also improved the English language not only in the Discussion section, but also in the entire article.
