
From Identification Using Rejection Sampling to Signatures via the Fiat-Shamir Transform: Application to the BLISS Signature

  • Pauline Bert
  • Adeline Roux-Langlois
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11049)

Abstract

In this paper, we present a reduction from a non-lossy/lossy identification scheme using rejection sampling to a signature scheme in the Random Oracle Model (ROM). Rejection sampling is used to ensure that the last step of the identification scheme does not leak information about the secret key of the scheme. This last step may fail, and to hide these failures from an adversary we use a Fiat-Shamir transform in which the identification protocol is rerun until it produces a valid output. We also apply our result for non-lossy identification schemes to the well-known BLISS signature [DDLL13] and compare it with the original proof.
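The "rerun until valid output" structure the abstract describes is sometimes called Fiat-Shamir with aborts. The following Python sketch is an added example, not code from this paper, from BLISS or from any of the cited works: it builds a toy lattice-style identification scheme (public matrix A, secret s with small coefficients, commitment w = A·y, challenge c from a hash, response z = y + c·s) with uniform rejection sampling, and wraps it in the signing loop. Every parameter (Q, N, M, S_BOUND, C_MAX, Y_BOUND) and the hash-to-challenge encoding are constructed for illustration and are deliberately too small to be secure.

```python
import hashlib
import random

# Toy parameters, constructed for this illustration only; they are far too
# small (N, M) to be secure and exist just to make the rerun loop visible.
Q = 2**61 - 1                 # modulus for the public matrix arithmetic
N = 8                         # length of the secret vector s
M = 4                         # number of rows of the public matrix A
S_BOUND = 1                   # coefficients of s lie in [-S_BOUND, S_BOUND]
C_MAX = 2**32 - 1             # challenge c is an integer in [0, C_MAX]
Y_BOUND = 2**36               # masking vector y is uniform in [-Y_BOUND, Y_BOUND]^N
Z_BOUND = Y_BOUND - C_MAX * S_BOUND   # z = y + c*s is accepted only if ||z||_inf <= Z_BOUND


def _matvec(A, v):
    """A*v mod Q for an M x N matrix A and a length-N vector v."""
    return [sum(a * x for a, x in zip(row, v)) % Q for row in A]


def _challenge(w, msg):
    """Random-oracle challenge c = H(w, msg) in [0, C_MAX] (constructed encoding)."""
    h = hashlib.sha256()
    h.update(b"|".join(str(x).encode() for x in w))
    h.update(b"#")
    h.update(msg)
    return int.from_bytes(h.digest(), "big") % (C_MAX + 1)


def keygen(seed=None):
    """Public key (A, t = A*s mod Q); secret key s with small coefficients."""
    rng = random.Random(seed)
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    s = [rng.randint(-S_BOUND, S_BOUND) for _ in range(N)]
    return (A, _matvec(A, s)), s


def sign(pk, s, msg, seed=None):
    """Fiat-Shamir with aborts: rerun the identification protocol until the
    response passes rejection sampling. Returns ((z, c), number_of_runs)."""
    A, _ = pk
    rng = random.Random(seed)
    runs = 0
    while True:
        runs += 1
        y = [rng.randint(-Y_BOUND, Y_BOUND) for _ in range(N)]   # commitment randomness
        w = _matvec(A, y)                                        # commitment
        c = _challenge(w, msg)                                   # challenge from the oracle
        z = [yi + c * si for yi, si in zip(y, s)]                # response
        if max(abs(zi) for zi in z) <= Z_BOUND:
            return (z, c), runs
        # Abort: y, w and c are all discarded, so a failed run never becomes
        # part of any signature and the verifier (or an adversary) never sees it.


def verify(pk, msg, sig):
    """Recompute w = A*z - c*t mod Q and check that the oracle reproduces c."""
    A, t = pk
    z, c = sig
    if len(z) != N or not 0 <= c <= C_MAX:
        return False
    if max(abs(zi) for zi in z) > Z_BOUND:      # an accepted response is always this short
        return False
    Az = _matvec(A, z)
    w = [(azi - c * ti) % Q for azi, ti in zip(Az, t)]
    return _challenge(w, msg) == c


def acceptance_probability():
    """Probability that one run is accepted. Per coordinate, z_i = y_i + c*s_i
    lands in [-Z_BOUND, Z_BOUND] for exactly 2*Z_BOUND+1 of the 2*Y_BOUND+1
    values of y_i whenever |c*s_i| <= C_MAX*S_BOUND, so the probability is the
    same for every secret and every challenge: an accepted z is distributed
    independently of s, which is what makes the published output safe."""
    return ((2 * Z_BOUND + 1) / (2 * Y_BOUND + 1)) ** N


if __name__ == "__main__":
    pk, sk = keygen(seed=1)
    msg = b"constructed sample message"
    sig, runs = sign(pk, sk, msg, seed=2)
    print("runs needed:", runs, "valid:", verify(pk, msg, sig))
    print("per-run acceptance probability: %.3f" % acceptance_probability())
```

With these constructed parameters roughly 40% of runs abort, so the loop visibly repeats; the point the abstract makes is that the signer only ever publishes a transcript from an accepted run, and because the accepted z has the same distribution for every secret, the published (z, c) pairs carry no information about s. A real instantiation such as BLISS uses a Gaussian (bimodal) rejection step rather than this uniform one, and the paper's reduction covers exactly how those hidden aborts are accounted for in the security proof.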

Keywords

Signature schemes, Identification schemes, Fiat-Shamir transform, Rejection sampling, Lattices

Notes

Acknowledgments

Pauline Bert is funded by the Direction Générale de l’Armement (Pôle de Recherche CYBER). This work has received a French government support granted to the CominLabs excellence laboratory and managed by the National Research Agency in the “Investing for the Future” program under reference ANR-10-LABX-07-01.

References

  1. [AABN02]
    Abdalla, M., An, J.H., Bellare, M., Namprempre, C.: From identification to signatures via the Fiat-Shamir transform: minimizing assumptions for security and forward-security. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 418–433. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_28
  2. [ABB+17]
    Alkim, E., et al.: Revisiting TESLA in the quantum random oracle model. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 143–162. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59879-6_9
  3. [AFLT12]
    Abdalla, M., Fouque, P.-A., Lyubashevsky, V., Tibouchi, M.: Tightly-secure signatures from lossy identification schemes. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 572–590. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_34
  4. [Ajt96]
    Ajtai, M.: Generating hard instances of lattice problems (extended abstract). In: STOC, pp. 99–108. ACM (1996)
  5. [BN06]
    Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: ACM Conference on Computer and Communications Security, pp. 390–399. ACM (2006)
  6. [BP02]
    Bellare, M., Palacio, A.: GQ and Schnorr identification schemes: proofs of security against impersonation under active and concurrent attacks. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 162–177. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_11
  7. [DDLL13]
    Ducas, L., Durmus, A., Lepoint, T., Lyubashevsky, V.: Lattice signatures and bimodal Gaussians. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 40–56. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_3
  8. [FS86]
    Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12
  9. [GLP12]
    Güneysu, T., Lyubashevsky, V., Pöppelmann, T.: Practical lattice-based cryptography: a signature scheme for embedded systems. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 530–547. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33027-8_31
  10. [KLS17]
    Kiltz, E., Lyubashevsky, V., Schaffner, C.: A concrete treatment of Fiat-Shamir signatures in the quantum random-oracle model. IACR Cryptology ePrint Archive 2017, p. 916 (2017)
  11. [KW03]
    Katz, J., Wang, N.: Efficiency improvements for signature schemes with tight security reductions. In: ACM Conference on Computer and Communications Security, pp. 155–164. ACM (2003)
  12. [Lyu08]
    Lyubashevsky, V.: Lattice-based identification schemes secure under active attacks. In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 162–179. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78440-1_10
  13. [Lyu12]
    Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738–755. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_43
  14. [PS00]
    Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptology 13(3), 361–396 (2000)

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. Univ Rennes, CNRS, IRISA, Rennes, France
