A Novel Linkable Ring Signature on Ideal Lattices
Abstract
1. Introduction
Contributions
2. Preliminaries
2.1. Notations
2.2. Hash Functions
2.3. Statistical Distance
3. Framework and Security Model of LRS Scheme
- : Input the security parameter n, and output the public parameter .
- : Input , and output of a keypair .
- : Input , a signer’s , a message and the ring (), and output a signature .
- : Input the signature , and output “1” or “0”.
- : Input two valid signatures , and output “1” or “0”.
Security Properties
- (1) did not query the private key of ;
- (2) did not query ’s signature, then won the game.
4. Construction of Our LRS
4.1. LRS-Setup
4.2. LRS-KeyGen
4.3. LRS-Sign
4.4. LRS-Verify
4.5. LRS-Link
4.6. LRS-Correctness
- 1. From Corollary 6.2 of [27], we obtain that the probability of is approximately ;
- 2. We need to show . Since , we have .
4.7. Construction of Our RS
5. Security Analysis
- 1. sends message to . For , picks and . queries and returns the same record if there is already the query;
- 2. Otherwise, picks and passes to . records
- 1. queries first. If has already been queried, returns ;
- 2. Otherwise, picks , and passes to . records to .
- 1. checks . If does not exist, go to Hash query and record in .
- 2. checks . If does not exist, go to Extract query and record in .
- 3. checks and . seeks the record in and the record in ;
- 4. Let , , returns the signature .
- 1. has not queried the private key of the public key ;
- 2. has not queried ’s signature.
- 1. hands a message and uses the LRS-KeyGen to generate key pair
- 2. picks the ring and . calls LRS-Sign to generate the signatures and .
- 3. picks , then reselects and uses the ring to call the LRS-KeyGen to generate the signature . sends to .
- 1. When , because the ring is the same and the calculated is the same, there is at most one output of the signature output which is different from the real signer’s subscript, so there are identical at least . That is, when the signature is signed by the same private key for different messages, it can be completely determined.
- 2. When , because the ring is the same and H is strongly collision-resistant, when calculating , the probability that the hash values and are equal is negligible. Therefore, only one probability is negligible at most with the same output value as the real signer subscript.
6. Efficiency Analysis
7. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Rivest, R.L.; Shamir, A. How to leak a secret. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security; Springer: Berlin/Heidelberg, Germany, 2001; pp. 552–565.
- Komano, Y.; Ohta, K.; Shimbo, A.; Kawamura, S.I. Toward the fair anonymous signatures: Deniable ring signatures. In Proceedings of the Cryptographers’ Track at the RSA Conference; Springer: Berlin/Heidelberg, Germany, 2006; pp. 174–191.
- Gao, W.; Chen, L.; Hu, Y.; Newton, C.J.; Wang, B.; Chen, J. Lattice-based deniable ring signatures. Int. J. Inf. Secur. 2019, 18, 355–370.
- Zhang, F.; Kim, K. Efficient ID-based blind signature and proxy signature from bilinear pairings. In Proceedings of the Australasian Conference on Information Security and Privacy; Springer: Berlin/Heidelberg, Germany, 2003; pp. 312–323.
- Herranz, J.; Sáez, G. New identity-based ring signature schemes. In Proceedings of the International Conference on Information and Communications Security; Springer: Berlin/Heidelberg, Germany, 2004; pp. 27–39.
- Xu, F.; Lv, X. A new identity-based threshold ring signature scheme. In Proceedings of the 2011 IEEE International Conference on Systems, Man, and Cybernetics, Anchorage, AK, USA, 9–12 October 2011; pp. 2646–2651.
- Deng, L.; Zeng, J. Two new identity-based threshold ring signature schemes. Theor. Comput. Sci. 2014, 535, 38–45.
- Jia, X.; He, D.; Xu, Z.; Liu, Q. An efficient identity-based ring signature over a lattice (in Chinese). J. Cryptologic Res. 2017, 4, 392–404.
- Deng, L.; Jiang, Y.; Ning, B. Identity-based linkable ring signature scheme. IEEE Access 2019, 7, 153969–153976.
- El Kaafarani, A.; Chen, L.; Ghadafi, E.; Davenport, J. Attribute-based signatures with user-controlled linkability. In Proceedings of the International Conference on Cryptology and Network Security; Springer: Berlin/Heidelberg, Germany, 2014; pp. 256–259.
- Liu, J.K.; Wei, V.K.; Wong, D.S. Linkable spontaneous anonymous group signature for ad hoc groups. In Proceedings of the Australasian Conference on Information Security and Privacy; Springer: Berlin/Heidelberg, Germany, 2004; pp. 325–335.
- Au, M.H.; Chow, S.S.; Susilo, W.; Tsang, P.P. Short linkable ring signatures revisited. In Proceedings of the European Public Key Infrastructure Workshop; Springer: Berlin/Heidelberg, Germany, 2006; pp. 101–115.
- Noether, S.; Mackenzie, A. Ring confidential transactions. Ledger 2016, 1, 1–18.
- Tang, Y.; Xia, F.; Ye, Q.; Wang, M.; Mu, R.; Zhang, X. Identity-based Linkable Ring Signature on NTRU Lattice. Secur. Commun. Netw. 2021, 2021, 9992414.
- Ye, Q.; Wang, M.; Meng, H. Efficient Linkable Ring Signature Scheme over NTRU Lattice with Unconditional Anonymity. Comput. Intell. Neurosci. 2022, 2022, 8431874.
- Herranz, J.; Sáez, G. Forking lemmas for ring signature schemes. In Proceedings of the International Conference on Cryptology in India; Springer: Berlin/Heidelberg, Germany, 2003; pp. 266–279.
- Shacham, H.; Waters, B. Efficient ring signatures without random oracles. In Proceedings of the International Workshop on Public Key Cryptography; Springer: Berlin/Heidelberg, Germany, 2007; pp. 166–180.
- Zhang, F.; Safavi-Naini, R.; Susilo, W. An efficient signature scheme from bilinear pairings and its applications. In Proceedings of the International Workshop on Public Key Cryptography; Springer: Berlin/Heidelberg, Germany, 2004; pp. 277–290.
- Islam, S.K.H.; Das, A.K.; Khan, M.K. Design of a provably secure identity-based digital multi-signature scheme using biometrics and fuzzy extractor. Secur. Commun. Netw. 2016, 9, 3229–3238.
- Gentry, C.; Peikert, C.; Vaikuntanathan, V. Trapdoors for hard lattices and new cryptographic constructions. In Proceedings of the Fortieth Annual ACM Symposium on Theory of Computing; Association for Computing Machinery: New York, NY, USA, 2008; pp. 197–206.
- Kawachi, A.; Tanaka, K.; Xagawa, K. Concurrently secure identification schemes based on the worst-case hardness of lattice problems. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security; Springer: Berlin/Heidelberg, Germany, 2004; pp. 372–389.
- Cayrel, P.L.; Lindner, R.; Rückert, M.; Silva, R. A lattice-based threshold ring signature scheme. In Proceedings of the International Conference on Cryptology and Information Security in Latin America; Springer: Berlin/Heidelberg, Germany, 2010; pp. 255–272.
- Melchor, C.A.; Bettaieb, S.; Boyen, X.; Fousse, L. Adapting Lyubashevsky’s signature schemes to the ring signature setting. In Proceedings of the International Conference on Cryptology in Africa; Springer: Berlin/Heidelberg, Germany, 2013; pp. 1–25.
- Lyubashevsky, V. Fiat-Shamir with aborts: Applications to lattice and factoring-based signatures. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security; Springer: Berlin/Heidelberg, Germany, 2009; pp. 598–616.
- Torres, W.A.A.; Steinfeld, R.; Sakzad, A.; Liu, J.K. Post-quantum one-time linkable ring signature and application to ring confidential transactions in blockchain (Lattice RingCT v1.0). In Proceedings of the Australasian Conference on Information Security and Privacy; Springer: Berlin/Heidelberg, Germany, 2018; pp. 558–576.
- Baum, C.; Lin, H.; Oechsner, S. Towards practical lattice-based one-time linkable ring signatures. In Proceedings of the International Conference on Information and Communications Security; Springer: Berlin/Heidelberg, Germany, 2018; pp. 303–322.
- Lyubashevsky, V. Towards Practical Lattice-Based Cryptography. Ph.D. Thesis, University of California, San Diego, CA, USA, 2008.
- Lyubashevsky, V.; Micciancio, D. Generalized compact knapsacks are collision resistant. In Proceedings of the International Colloquium on Automata, Languages, and Programming; Springer: Berlin/Heidelberg, Germany, 2006; pp. 144–155.
- Micciancio, D.; Goldwasser, S. Complexity of Lattice Problems: A Cryptographic Perspective; The Kluwer International Series in Engineering and Computer Science; Springer: Berlin/Heidelberg, Germany, 2002; Volume 671.
- Bellare, M.; Neven, G. Multi-signatures in the plain public-key model and a general forking lemma. In Proceedings of the 13th ACM Conference on Computer and Communications Security; Association for Computing Machinery: New York, NY, USA, 2006; pp. 390–399.
Symbol | Description |
---|---|
If , then . | |
. | |
x is a uniformly random sample from the set S. | |
. | |
. | |
the ideal lattice. | |
, where . | |
. | |
, where . |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Cao, C.; You, L.; Hu, G. A Novel Linkable Ring Signature on Ideal Lattices. Entropy 2023, 25, 237. https://doi.org/10.3390/e25020237