A Traceable Ring Signature Scheme Based on Coding Theory

  • Pedro Branco
  • Paulo Mateus
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11505)

Abstract

Traceable ring signatures are a variant of ring signatures in which the identity of a user is revealed if that user signs two different messages with respect to the same group of users. They have applications in e-voting and in cryptocurrencies, such as the well-known Monero. We propose the first traceable ring signature scheme whose security is based on the hardness of the Syndrome Decoding problem, a problem in coding theory which is conjectured to be unsolvable by both classical and quantum algorithms. To construct the scheme, we use a variant of Stern’s protocol and, by applying the Fiat-Shamir transform to it in an ingenious way, we obtain a ring signature that allows traceability. We prove that the resulting protocol has the standard security properties for traceable ring signatures in the random oracle model: tag-linkability, anonymity and exculpability. As far as we know, this is the first proposal for a traceable ring signature scheme in the post-quantum setting.
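The two building blocks the abstract names, Stern’s identification protocol on the syndrome decoding problem and the Fiat-Shamir transform, are shown below in a small self-contained form. This is an added illustration, not code from the paper: it implements the plain (single-signer) Stern protocol made non-interactive, with no ring, no tag and no traceability, and the toy parameters `N`, `R`, `W` and `ROUNDS` are constructed for readability rather than security. The point it makes is the one the abstract relies on: a prover who knows a low-weight error vector `e` with `H·e = s` can answer any of the three challenges, while each challenge on its own leaks nothing about `e`.

```python
"""Stern's identification protocol on syndrome decoding, made non-interactive
with the Fiat-Shamir transform.  Added example; NOT the paper's scheme.

Public key : parity-check matrix H (R x N over GF(2)) and syndrome s = H*e.
Secret key : e, a length-N vector of Hamming weight exactly W.
Toy parameters below are constructed for readability, not for security.
"""
import hashlib
import random

N, R, W = 24, 12, 4   # code length, rows of H (n-k), error weight (constructed)
ROUNDS = 20           # one Stern round has soundness error 2/3; (2/3)^20 ~ 3e-4


def matvec(H, x):
    """H*x over GF(2); H is a list of R rows of N bits, x a list of N bits."""
    return [sum(h & v for h, v in zip(row, x)) & 1 for row in H]


def vec_add(a, b):
    return [x ^ y for x, y in zip(a, b)]


def permute(perm, x):
    return [x[perm[i]] for i in range(len(x))]


def commit(tag, *parts):
    """Hash commitment. Every part is a list of small ints (bits or indices
    < N), and the fixed layout per tag keeps the encoding unambiguous."""
    return hashlib.sha256(bytes([tag]) + b"".join(bytes(p) for p in parts)).digest()


def keygen(rng):
    H = [[rng.getrandbits(1) for _ in range(N)] for _ in range(R)]
    e = [0] * N
    for i in rng.sample(range(N), W):   # random weight-W error vector
        e[i] = 1
    return (H, matvec(H, e)), e


def challenges(msg, commitments):
    """Fiat-Shamir: derive ROUNDS challenges in {0,1,2} from the message and
    all commitments, using rejection sampling so 'byte % 3' is unbiased."""
    h = hashlib.sha256(msg)
    for c in commitments:
        for part in c:
            h.update(part)
    seed, out, ctr = h.digest(), [], 0
    while len(out) < ROUNDS:
        block = hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
        out.extend(b % 3 for b in block if b < 252)
    return out[:ROUNDS]


def sign(pk, e, msg, rng):
    H, s = pk
    rounds = []
    for _ in range(ROUNDS):
        perm = list(range(N))
        rng.shuffle(perm)                          # random permutation sigma
        y = [rng.getrandbits(1) for _ in range(N)]  # random masking vector
        c = (commit(0, perm, matvec(H, y)),        # binds sigma and H*y
             commit(1, permute(perm, y)),          # binds sigma(y)
             commit(2, permute(perm, vec_add(y, e))))  # binds sigma(y+e)
        rounds.append((perm, y, c))
    sig = []
    for (perm, y, c), b in zip(rounds, challenges(msg, [r[2] for r in rounds])):
        if b == 0:
            resp = (y, perm)                        # open c0 and c1
        elif b == 1:
            resp = (vec_add(y, e), perm)            # open c0 and c2 (e masked by y)
        else:
            resp = (permute(perm, y), permute(perm, e))  # open c1 and c2 (e shuffled)
        sig.append((c, resp))
    return sig


def verify(pk, msg, sig):
    H, s = pk
    if len(sig) != ROUNDS:
        return False
    for (c, resp), b in zip(sig, challenges(msg, [c for c, _ in sig])):
        if b == 0:
            y, perm = resp
            ok = c[0] == commit(0, perm, matvec(H, y)) and c[1] == commit(1, permute(perm, y))
        elif b == 1:
            ye, perm = resp                         # H*(y+e) + s == H*y
            ok = (c[0] == commit(0, perm, vec_add(matvec(H, ye), s))
                  and c[2] == commit(2, permute(perm, ye)))
        else:
            py, pe = resp                           # weight of sigma(e) must be W
            ok = sum(pe) == W and len(pe) == N and c[1] == commit(1, py) \
                and c[2] == commit(2, vec_add(py, pe))
        if not ok:
            return False
    return True


def demo(message=b"constructed sample message", seed=None):
    """Key generation, signing and verification; returns (valid, forged_valid).
    A seed gives reproducible toy runs; real use needs random.SystemRandom()."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    pk, sk = keygen(rng)
    sig = sign(pk, sk, message, rng)
    return verify(pk, message, sig), verify(pk, message + b"?", sig)


if __name__ == "__main__":
    print(demo())   # (True, False)
```

Each round the verifier sees only two of the three openings: `b=0` reveals `y` and `σ` but nothing involving `e`; `b=1` reveals `y ⊕ e`, which is a one-time pad of `e`; `b=2` reveals `σ(e)`, which shows only that `e` has weight `W`. Soundness comes from the fact that a prover who can answer all three challenges on the same commitments can be rewound to extract a weight-`W` preimage of `s`, and the Fiat-Shamir transform fixes the challenges as a hash of the message and all commitments, so a signer cannot choose the commitments after seeing which challenge it must answer.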

Keywords

Traceable ring signature scheme, Code-based cryptography, Stern’s protocol

Notes

Acknowledgments

The first author would like to thank the support from DP-PMI and FCT (Portugal) through the grant PD/BD/135181/2017.

This work is funded by FCT/MEC through national funds and when applicable co-funded by FEDER – PT2020 partnership agreement under the project UID/EEA/50008/2013, and IT internal project QBigData, FCT through national funds, by FEDER, through COMPETE 2020, and by Regional Operational Program of Lisbon, under projects Confident PTDC/EEI-CTP/4503/2014, QuantumMining POCI-01-0145-FEDER-031826 and Predict PTDC/CCI-CIF/29877/2017. It was funded by European project H2020-SU-ICT-2018-2020.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Department of Mathematics, SQIG-Instituto de Telecomunicações, IST-Universidade de Lisboa, Lisbon, Portugal