Ring Signatures Based on Middle-Product Learning with Errors Problems

  • Dipayan DasEmail author
  • Man Ho Au
  • Zhenfei Zhang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11627)


Lattice-based (linkable) ring signatures are an important notion to cryptography since it protects signer anonymity against quantum computers. In this paper, we proposed a new lattice-based linkable ring signature scheme using a variant of Learning with Errors problem called Middle-Product Learning with Errors (\(\mathsf {MPLWE}\)). The proposed scheme follows a framework from [10, 12] with the following improvements. Firstly, this scheme relies on a much weaker assumption. Secondly, our approach relies on a decisional problem, thus, the security analysis does not require the Forking Lemma which has been a fundamental obstacle for provable security under the quantum random oracle model (QROM).


  1. 1.
    Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1–20. Springer, Heidelberg (2011). Scholar
  2. 2.
    Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange - a new hope. In: Proceedings of USENIX Security Symposium, pp. 327–343 (2016)Google Scholar
  3. 3.
    Groot Bruinderink, L., Hülsing, A., Lange, T., Yarom, Y.: Flush, gauss, and reload – a cache attack on the BLISS lattice-based signature scheme. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 323–345. Springer, Heidelberg (2016). Scholar
  4. 4.
    Ducas, L., Plançon, M., Wesolowski, B.: On the Shortness of Vectors to be found by the Ideal-SVP Quantum Algorithm. Cryptology ePrint Archive (2019).
  5. 5.
    Pellet-Mary, A., Hanrot, G., Stehlé, D.: Approx-SVP in Ideal Lattices with Pre-processing. Cryptology ePrint Archive (2019).
  6. 6.
    Cramer, R., Ducas, L., Peikert, C., Regev, O.: Recovering short generators of principal ideals in cyclotomic rings. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 559–585. Springer, Heidelberg (2016). Scholar
  7. 7.
    Roşca, M., Sakzad, A., Stehlé, D., Steinfeld, R.: Middle-product learning with errors. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 283–297. Springer, Cham (2017). Scholar
  8. 8.
    Ducas, L., et al.: CRYSTALS-Dilithium: a lattice-based digital signature scheme. IACR Trans. Cryptographic Hardware Embedded Syst. (TCHES) 2018(1), 238–268 (2018)MathSciNetGoogle Scholar
  9. 9.
    Bai, S., Galbraith, S.D.: An improved compression technique for signatures based on learning with errors. In: Proceedings of CT-RSA, pp. 28–47 (2014)CrossRefGoogle Scholar
  10. 10.
    Torres, W.A.A., et al.: Post-quantum one-time linkable ring signature and application to ring confidential transactions in blockchain (Lattice RingCT v1.0). In: Proceedings of ACISP, pp. 558–576 (2018)Google Scholar
  11. 11.
    Applebaum, B., Cash, D., Peikert, C., Sahai, A.: Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 595–618. Springer, Heidelberg (2009). Scholar
  12. 12.
    Baum, C., Lin, H., Oechsner, S.: Towards practical lattice-based one-time linkable ring signatures. In: Naccache, D., et al. (eds.) ICICS 2018. LNCS, vol. 11149, pp. 303–322. Springer, Cham (2018). Scholar
  13. 13.
    Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738–755. Springer, Heidelberg (2012). Scholar
  14. 14.
    Katz, J., Wang, N.: Efficiency improvements for signature schemes with tight security reductions. In: Proceedings of ACM CCS, pp. 155–164 (2003)Google Scholar
  15. 15.
    Alkim, E., Bindel, N., Buchmann, J., Dagdelen, Ö.: TESLA: Tightly-Secure Efficient Signatures from Standard Lattices. Cryptology ePrint Archive (2015).
  16. 16.
    Abdalla, M., Fouque, P., Lyubashevsky, V., Tibouchi, M.: Tightly secure signatures from lossy identification schemes. J. Cryptol. 29(3), 597–631 (2016)MathSciNetCrossRefGoogle Scholar
  17. 17.
    Kiltz, E., Lyubashevsky, V., Schaffner, C.: A concrete treatment of fiat-shamir signatures in the quantum random-oracle model. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 552–586. Springer, Cham (2018). Scholar
  18. 18.
    Nguyen, P.Q., Regev, O.: Learning a parallelepiped: cryptanalysis of GGH and NTRU signatures. J. Cryptol. 22(2), 139–160 (2009)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Ducas, L., Nguyen, P.Q.: Learning a zonotope and more: cryptanalysis of NTRUSign countermeasures. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 433–450. Springer, Heidelberg (2012). Scholar
  20. 20.
    Lyubashevsky, V.: Fiat-shamir with aborts: applications to lattice and factoring-based signatures. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 598–616. Springer, Heidelberg (2009). Scholar
  21. 21.
    Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001). Scholar
  22. 22.
    Liu, J.K., Wei, V.K., Wong, D.S.: Linkable spontaneous anonymous group signature for ad hoc groups. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 325–335. Springer, Heidelberg (2004). Scholar
  23. 23.
    Noether, S., Mackenzie, A.: Ring confidential transactions. Ledger 1, 1–18 (2016)CrossRefGoogle Scholar
  24. 24.
    Tsang, P.P., Wei, V.K.: Short linkable ring signatures for e-voting, e-cash and attestation. In: Deng, R.H., Bao, F., Pang, H.H., Zhou, J. (eds.) ISPEC 2005. LNCS, vol. 3439, pp. 48–60. Springer, Heidelberg (2005). Scholar
  25. 25.
    Au, M.H., Chow, S.S.M., Susilo, W., Tsang, P.P.: Short linkable ring signatures revisited. In: Atzeni, A.S., Lioy, A. (eds.) EuroPKI 2006. LNCS, vol. 4043, pp. 101–115. Springer, Heidelberg (2006). Scholar
  26. 26.
    Liu, J.K., Au, M.H., Zhou, J.: Linkable ring signature with unconditional anonymity. IEEE Trans. Knowl. Data Eng. 26(1), 157–165 (2014)CrossRefGoogle Scholar
  27. 27.
    Sun, S.-F., Au, M.H., Liu, J.K., Yuen, T.H.: RingCT 2.0: A compact accumulator-based (linkable ring signature) protocol for blockchain cryptocurrency monero. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 456–474. Springer, Cham (2017). Scholar
  28. 28.
    Ducas, L., Durmus, A., Lepoint, T., Lyubashevsky, V.: Lattice signatures and bimodal gaussians. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 40–56. Springer, Heidelberg (2013). Scholar
  29. 29.
    Lu, X., Au, M.H., Zhang, Z.: Raptor: a practical lattice-based (linkable) ring signature. In: Deng, R., Gauthier-Umaña, V., Ochoa, M., Yung, M. (eds.) ACNS 2019. LNCS, vol. 11464, pp. 110–130. Springer, Cham (2019). Scholar
  30. 30.
    Lu, X., Au, M.H., Zhang, Z.: (Linkable) Ring signature from hash-then-one-way signature. In: Proceedings of IEEE TrustCom (2019)Google Scholar
  31. 31.
    Fouque, P., et al.: Falcon: Fast-Fourier Lattice-based compact Signatures over NTRU (2018).
  32. 32.
    Bellare, M., Neven, G.: Multi-signatures in the plain Public-Key Model and a general forking lemma. In: Proceedings of ACM CCS, pp. 390–399 (2006)Google Scholar
  33. 33.
    Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361–396 (2000)CrossRefGoogle Scholar
  34. 34.
    Paillier, P., Vergnaud, D.: Discrete-log-based signatures may not be equivalent to discrete log. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 1–20. Springer, Heidelberg (2005). Scholar
  35. 35.
    Kiltz, E., Masny, D., Pan, J.: Optimal security proofs for signatures from identification schemes. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 33–61. Springer, Heidelberg (2016). Scholar
  36. 36.
    Shor, P.W.: Polynominal time algorithms for discrete logarithms and factoring on a Quantum computer. In: Proceedings of ANTS, p. 289 (1994)zbMATHGoogle Scholar
  37. 37.
    Zhandry, M.: Secure identity-based encryption in the quantum random oracle model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 758–775. Springer, Heidelberg (2012). Scholar
  38. 38.
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of ACM STOC, pp. 84–93 (2005)Google Scholar
  39. 39.
    Ajtai, M.: Generating hard instances of lattice problems (extended abstract). In: Proceedings of ACM STOC, pp. 99–108 (1996)Google Scholar
  40. 40.
    NIST: Post-Quantum Cryptography-Round 1 Submissions.
  41. 41.
    Gama, N., Nguyen, P.Q.: Predicting lattice reduction. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 31–51. Springer, Heidelberg (2008). Scholar
  42. 42.
    Rosca, M., Stehlé, D., Wallet, A.: On the ring-LWE and polynomial-LWE problems. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 146–173. Springer, Cham (2018). Scholar
  43. 43.
    TBA: A digital signature from Middle-Product Learning with ErrorsGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.National Institute of TechnologyDurgapurIndia
  2. 2.The Hong Kong Polytechnic UniversityHung HomChina
  3. 3.AlgorandBostonUSA

Personalised recommendations