The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Propomos um esquema de assinatura curta sob a suposição do anel SIS no modelo padrão. Especificamente, ao revisitar uma construção existente [Ducas e Micciancio, CRYPTO 2014], demonstramos assinaturas baseadas em rede com perda de redução melhorada. Até onde sabemos, não há maneiras de usar múltiplas tags na simulação de assinatura de prova de segurança nas assinaturas baseadas em tags de rede. Abordamos a possibilidade de colisão de tags na configuração da rede, o que melhora a perda de redução. Nosso esquema gera tags a partir de mensagens construindo um esquema sob uma condição de segurança moderada que é existencialmente impossível de ser forjada contra ataques aleatórios de mensagens com informações auxiliares. Assim nosso esquema pode reduzir o tamanho da assinatura já que não necessita enviar tags com as assinaturas. Nosso esquema tem tamanhos de assinatura curtos de O(1) e atinge perdas de redução mais rigorosas do que o esquema de Ducas et al. Nosso esquema proposto tem duas variantes. Nosso esquema com uma propriedade tem redução mais rigorosa e o mesmo tamanho de chave de verificação de O(registro n) como o esquema de Ducas et al., onde n é o parâmetro de segurança. Nosso esquema com a outra propriedade consegue uma redução muito mais rigorosa na perda de O(Q/n) e tamanho da chave de verificação de O(n), Onde Q é o número de consultas de assinatura.
Kaisei KAJITA
Japan Broadcasting Corporation
Go OHTAKE
Japan Broadcasting Corporation
Kazuto OGAWA
Japan Broadcasting Corporation
Koji NUIDA
Kyushu University
Tsuyoshi TAKAGI
The University of Tokyo
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copiar
Kaisei KAJITA, Go OHTAKE, Kazuto OGAWA, Koji NUIDA, Tsuyoshi TAKAGI, "Short Lattice Signature Scheme with Tighter Reduction under Ring-SIS Assumption" in IEICE TRANSACTIONS on Fundamentals,
vol. E106-A, no. 3, pp. 228-240, March 2023, doi: 10.1587/transfun.2022CIP0017.
Abstract: We propose a short signature scheme under the ring-SIS assumption in the standard model. Specifically, by revisiting an existing construction [Ducas and Micciancio, CRYPTO 2014], we demonstrate lattice-based signatures with improved reduction loss. As far as we know, there are no ways to use multiple tags in the signature simulation of security proof in the lattice tag-based signatures. We address the tag-collision possibility in the lattice setting, which improves reduction loss. Our scheme generates tags from messages by constructing a scheme under a mild security condition that is existentially unforgeable against random message attack with auxiliary information. Thus our scheme can reduce the signature size since it does not need to send tags with the signatures. Our scheme has short signature sizes of O(1) and achieves tighter reduction loss than that of Ducas et al.'s scheme. Our proposed scheme has two variants. Our scheme with one property has tighter reduction and the same verification key size of O(log n) as that of Ducas et al.'s scheme, where n is the security parameter. Our scheme with the other property achieves much tighter reduction loss of O(Q/n) and verification key size of O(n), where Q is the number of signing queries.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2022CIP0017/_p
Copiar
@ARTICLE{e106-a_3_228,
author={Kaisei KAJITA, Go OHTAKE, Kazuto OGAWA, Koji NUIDA, Tsuyoshi TAKAGI, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Short Lattice Signature Scheme with Tighter Reduction under Ring-SIS Assumption},
year={2023},
volume={E106-A},
number={3},
pages={228-240},
abstract={We propose a short signature scheme under the ring-SIS assumption in the standard model. Specifically, by revisiting an existing construction [Ducas and Micciancio, CRYPTO 2014], we demonstrate lattice-based signatures with improved reduction loss. As far as we know, there are no ways to use multiple tags in the signature simulation of security proof in the lattice tag-based signatures. We address the tag-collision possibility in the lattice setting, which improves reduction loss. Our scheme generates tags from messages by constructing a scheme under a mild security condition that is existentially unforgeable against random message attack with auxiliary information. Thus our scheme can reduce the signature size since it does not need to send tags with the signatures. Our scheme has short signature sizes of O(1) and achieves tighter reduction loss than that of Ducas et al.'s scheme. Our proposed scheme has two variants. Our scheme with one property has tighter reduction and the same verification key size of O(log n) as that of Ducas et al.'s scheme, where n is the security parameter. Our scheme with the other property achieves much tighter reduction loss of O(Q/n) and verification key size of O(n), where Q is the number of signing queries.},
keywords={},
doi={10.1587/transfun.2022CIP0017},
ISSN={1745-1337},
month={March},}
Copiar
TY - JOUR
TI - Short Lattice Signature Scheme with Tighter Reduction under Ring-SIS Assumption
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 228
EP - 240
AU - Kaisei KAJITA
AU - Go OHTAKE
AU - Kazuto OGAWA
AU - Koji NUIDA
AU - Tsuyoshi TAKAGI
PY - 2023
DO - 10.1587/transfun.2022CIP0017
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E106-A
IS - 3
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - March 2023
AB - We propose a short signature scheme under the ring-SIS assumption in the standard model. Specifically, by revisiting an existing construction [Ducas and Micciancio, CRYPTO 2014], we demonstrate lattice-based signatures with improved reduction loss. As far as we know, there are no ways to use multiple tags in the signature simulation of security proof in the lattice tag-based signatures. We address the tag-collision possibility in the lattice setting, which improves reduction loss. Our scheme generates tags from messages by constructing a scheme under a mild security condition that is existentially unforgeable against random message attack with auxiliary information. Thus our scheme can reduce the signature size since it does not need to send tags with the signatures. Our scheme has short signature sizes of O(1) and achieves tighter reduction loss than that of Ducas et al.'s scheme. Our proposed scheme has two variants. Our scheme with one property has tighter reduction and the same verification key size of O(log n) as that of Ducas et al.'s scheme, where n is the security parameter. Our scheme with the other property achieves much tighter reduction loss of O(Q/n) and verification key size of O(n), where Q is the number of signing queries.
ER -