Abstract
We present Raptor, the first practical lattice-based (linkable) ring signature scheme with an implementation. Raptor is as fast as classical solutions, while the signature size is roughly 1.3 KB per ring member. Prior to our work, all existing lattice-based solutions were analogues of their discrete-log or pairing-based counterparts. We develop a generic construction of (linkable) ring signatures based on the well-known construction of Rivest, Shamir and Tauman (RST), which in its original form is not fully compatible with lattices. Our generic construction is provably secure in the random oracle model. We also give instantiations from both standard lattices, as a proof of concept, and NTRU lattices, as an efficient instantiation. We show that the latter construction, called Raptor, is almost as efficient as the classical RST ring signature and thus may be of practical interest.
Z. Zhang: This work was done while the author was with OnBoard Security.
This work is supported by Innovation and Technology Funding under project ITS/356/17 and National Natural Science Foundation of China under project 61602396.
Notes
- 1.
Here we will only use the public key once; the actual signature scheme does not necessarily need to be a one-time signature scheme.
- 2.
- 3.
We require that at least one of the three elements be invertible over \({\mathcal R}_q\). For Falcon-512 (\(N = 512\), \(q = 12289\)), the probability that a uniformly random element is invertible is \((1-1/q)^N\approx 96\%\).
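A worked check for the invertibility condition in note 3, added here as an editorial example; it is not code from the paper or from the Raptor repository. It assumes the Falcon-512 ring \({\mathcal R}_q = \mathbb{Z}_q[x]/(x^N+1)\) with \(N = 512\) and \(q = 12289\). Because \(q \equiv 1 \pmod{2N}\), \(x^N + 1\) splits into \(N\) distinct linear factors modulo \(q\), so by the CRT an element is a unit exactly when none of its \(N\) negacyclic-NTT coefficients is zero, and a uniformly random element is invertible with probability \((1-1/q)^N\). The block implements that test, computes an actual inverse in the NTT domain and verifies it by schoolbook negacyclic multiplication, and compares the closed-form probability with a Monte-Carlo estimate. The function names, the zero-divisor test input \(x - \psi\) and the sample sizes are this example's own choices; the paper's key elements are not uniform in \({\mathcal R}_q\), so only the check itself, not the paper's key generation, is shown.

```python
"""Invertibility over R_q = Z_q[x]/(x^N + 1) with Falcon-512 parameters.

Added example (not code from the paper or the Raptor repository). Assumed
parameters: N = 512, q = 12289, as used by Falcon-512. Since q = 1 (mod 2N),
x^N + 1 splits completely mod q, so R_q is a product of N copies of Z_q and an
element is invertible iff all N of its negacyclic-NTT coefficients are nonzero.
"""
import random

Q = 12289
N = 512


def primitive_2n_root(q, n):
    """Return psi with psi^n = -1 mod q, i.e. a primitive 2n-th root of unity."""
    for g in range(2, q):
        psi = pow(g, (q - 1) // (2 * n), q)
        if pow(psi, n, q) == q - 1:
            return psi
    raise ValueError("no primitive 2n-th root of unity; need q = 1 mod 2n")


PSI = primitive_2n_root(Q, N)


def dft(a, omega, q):
    """Radix-2 Cooley-Tukey DFT over Z_q: returns [A(omega^k) for k in range(len(a))].

    omega must be a primitive len(a)-th root of unity mod q; len(a) a power of two."""
    n = len(a)
    if n == 1:
        return a[:]
    omega_sq = omega * omega % q
    even = dft(a[0::2], omega_sq, q)
    odd = dft(a[1::2], omega_sq, q)
    out = [0] * n
    w = 1
    for k in range(n // 2):
        t = w * odd[k] % q
        out[k] = (even[k] + t) % q
        out[k + n // 2] = (even[k] - t) % q      # omega^(k + n/2) = -omega^k
        w = w * omega % q
    return out


def ntt(f, q=Q, psi=PSI):
    """Evaluate f at the N roots of x^N + 1, i.e. at psi^(2i+1) for i = 0..N-1.

    Twisting coefficient j by psi^j turns this into a plain DFT at powers of psi^2."""
    g = [c * pow(psi, j, q) % q for j, c in enumerate(f)]
    return dft(g, psi * psi % q, q)


def is_invertible(f, q=Q, psi=PSI):
    """f is a unit in R_q iff none of its NTT coefficients is zero (CRT decomposition)."""
    return all(e != 0 for e in ntt(f, q, psi))


def invert(f, q=Q, psi=PSI):
    """Return f^-1 in R_q, or None if f is not invertible.

    The inverse is taken pointwise in the NTT domain, mapped back with the
    inverse DFT, scaled by n^-1 and untwisted by psi^-j."""
    n = len(f)
    evals = ntt(f, q, psi)
    if any(e == 0 for e in evals):
        return None
    inv_evals = [pow(e, q - 2, q) for e in evals]           # Fermat inversion in Z_q
    omega_inv = pow(psi * psi % q, q - 2, q)
    g = dft(inv_evals, omega_inv, q)                          # inverse DFT, unscaled
    n_inv = pow(n, q - 2, q)
    return [c * n_inv % q * pow(pow(psi, j, q), q - 2, q) % q for j, c in enumerate(g)]


def mul(a, b, q=Q):
    """Schoolbook negacyclic product a*b mod (x^N + 1); used only to verify inverses."""
    n = len(a)
    out = [0] * n
    for i, ai in enumerate(a):
        if ai == 0:
            continue
        for j, bj in enumerate(b):
            k = i + j
            if k < n:
                out[k] = (out[k] + ai * bj) % q
            else:
                out[k - n] = (out[k - n] - ai * bj) % q     # x^N = -1
    return out


def random_poly(rng, n=N, q=Q):
    """Uniformly random element of R_q (constructed sample input for the estimates)."""
    return [rng.randrange(q) for _ in range(n)]


def invertibility_probability(q=Q, n=N):
    """Closed form (1 - 1/q)^n for a uniformly random element when x^n + 1 splits mod q."""
    return (1 - 1 / q) ** n


def estimate_invertible_fraction(samples, seed=0):
    """Monte-Carlo estimate of the same probability from uniformly random elements."""
    rng = random.Random(seed)
    hits = sum(is_invertible(random_poly(rng)) for _ in range(samples))
    return hits / samples


def check_random_inverse(seed=0):
    """Draw random elements, skip non-units, and confirm f * f^-1 == 1 in R_q."""
    rng = random.Random(seed)
    while True:
        f = random_poly(rng)
        inv = invert(f)
        if inv is not None:
            return mul(f, inv) == [1] + [0] * (N - 1)


if __name__ == "__main__":
    print("closed form (1-1/q)^N =", round(invertibility_probability(), 4))
    print("Monte-Carlo estimate  =", estimate_invertible_fraction(200))
    # x - psi vanishes at psi, a root of x^N + 1, so it is a zero divisor in R_q
    zero_div = [(-PSI) % Q, 1] + [0] * (N - 2)
    print("x - psi invertible?   ", is_invertible(zero_div))
    print("random f * f^-1 == 1? ", check_random_inverse())
```

The zero-divisor input shows the failure mode the note guards against: an element that vanishes at even one root of \(x^N+1\) has a zero NTT coefficient, so `invert` returns `None` rather than a garbage polynomial, and a key-generation routine should reject it and resample.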
References
Abe, M., Ohkubo, M., Suzuki, K.: 1-out-of-n signatures from a variety of keys. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 415–432. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-36178-2_26
Aguilar Melchor, C., Bettaieb, S., Boyen, X., Fousse, L., Gaborit, P.: Adapting Lyubashevsky's signature schemes to the ring signature setting. In: Youssef, A., Nitaj, A., Hassanien, A.E. (eds.) AFRICACRYPT 2013. LNCS, vol. 7918, pp. 1–25. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38553-7_1
Ajtai, M.: Generating hard instances of lattice problems (extended abstract). In: Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, STOC 1996, pp. 99–108. ACM, New York (1996)
Alberto Torres, W.A., et al.: Post-quantum one-time linkable ring signature and application to ring confidential transactions in blockchain (lattice RingCT v1.0). In: Susilo, W., Yang, G. (eds.) ACISP 2018. LNCS, vol. 10946, pp. 558–576. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93638-3_32
Albrecht, M.R., et al.: Estimate all the LWE, NTRU schemes!. In: Catalano, D., De Prisco, R. (eds.) SCN 2018. LNCS, vol. 11035, pp. 351–367. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98113-0_19
Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange - a new hope. In: 25th USENIX Security Symposium, USENIX Security 16, 10–12 August 2016, Austin, TX, USA, pp. 327–343 (2016)
Alwen, J., Peikert, C.: Generating shorter bases for hard random lattices. Theory Comput. Syst. 48(3), 535–553 (2011)
Au, M.H., Chow, S.S.M., Susilo, W., Tsang, P.P.: Short linkable ring signatures revisited. In: Atzeni, A.S., Lioy, A. (eds.) EuroPKI 2006. LNCS, vol. 4043, pp. 101–115. Springer, Heidelberg (2006). https://doi.org/10.1007/11774716_9
Au, M.H., Liu, J.K., Susilo, W., Yuen, T.H.: Certificate based (linkable) ring signature. In: Dawson, E., Wong, D.S. (eds.) ISPEC 2007. LNCS, vol. 4464, pp. 79–92. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72163-5_8
Au, M.H., Liu, J.K., Susilo, W., Yuen, T.H.: Secure id-based linkable and revocable-iff-linked ring signature with constant-size construction. Theor. Comput. Sci. 469, 1–14 (2013)
Baum, C., Lin, H., Oechsner, S.: Towards practical lattice-based one-time linkable ring signatures. In: Naccache, D., et al. (eds.) Information and Communications Security, pp. 303–322. Springer International Publishing, Cham (2018)
Bender, A., Katz, J., Morselli, R.: Ring signatures: stronger definitions, and constructions without random oracles. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 60–79. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_4
Boneh, D., Dagdelen, Ö., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41–69. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_3
Bootle, J., Cerulli, A., Chaidos, P., Ghadafi, E., Groth, J., Petit, C.: Short accountable ring signatures based on DDH. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9326, pp. 243–265. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24174-6_13
Brakerski, Z., Kalai, Y.T.: A framework for efficient signatures, ring signatures and identity based encryption in the standard model. Cryptology ePrint Archive, Report 2010/086 (2010). https://eprint.iacr.org/2010/086
Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052252
Chandran, N., Groth, J., Sahai, A.: Ring signatures of sub-linear size without random oracles. In: Arge, L., Cachin, C., Jurdziński, T., Tarlecki, A. (eds.) ICALP 2007. LNCS, vol. 4596, pp. 423–434. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73420-8_38
Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-46416-6_22
Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1–20. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_1
Dodis, Y., Kiayias, A., Nicolosi, A., Shoup, V.: Anonymous identification in ad hoc groups. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 609–626. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_36
Ducas, L., Durmus, A., Lepoint, T., Lyubashevsky, V.: Lattice signatures and bimodal Gaussians. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 40–56. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_3
Ducas, L., Lyubashevsky, V., Prest, T.: Efficient identity-based encryption over NTRU lattices. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 22–41. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_2
Ducas, L., Prest, T.: Fast Fourier orthogonalization. In: Proceedings of the ACM on International Symposium on Symbolic and Algebraic Computation, ISSAC 2016, pp. 191–198. ACM, New York (2016)
Dwork, C., Naor, M.: Zaps and their applications. SIAM J. Comput. 36(6), 1513–1543 (2007)
Esgin, M.F., Steinfeld, R., Sakzad, A., Liu, J.K., Liu, D.: Short lattice-based one-out-of-many proofs and applications to ring signatures. Cryptology ePrint Archive, Report 2018/773 (2018). https://eprint.iacr.org/2018/773
Fouque, P.-A., et al.: Falcon: Fast-Fourier lattice-based compact signatures over NTRU (2018)
Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Proceedings of the Fortieth Annual ACM Symposium on Theory of Computing, STOC 2008, pp. 197–206. ACM, New York (2008)
Groth, J., Kohlweiss, M.: One-out-of-many proofs: or how to leak a secret and spend a coin. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 253–280. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_9
Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, STOC 1996, pp. 212–219. ACM, New York (1996)
Hoffstein, J., Howgrave-Graham, N., Pipher, J., Silverman, J.H., Whyte, W.: NTRUSign: digital signatures using the NTRU lattice. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 122–140. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36563-X_9
Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054868
Krawczyk, H., Rabin, T.: Chameleon signatures. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2000, San Diego, California, USA (2000)
Laarhoven, T., Mariano, A.: Progressive lattice sieving. In: Lange, T., Steinwandt, R. (eds.) Post-Quantum Cryptography, pp. 292–311. Springer International Publishing, Cham (2018)
Libert, B., Ling, S., Nguyen, K., Wang, H.: Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 1–31. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_1
Liu, J.K., Au, M.H., Susilo, W., Zhou, J.: Linkable ring signature with unconditional anonymity. IEEE Trans. Knowl. Data Eng. 26(1), 157–165 (2014)
Liu, J.K., Wei, V.K., Wong, D.S.: Linkable spontaneous anonymous group signature for ad hoc groups. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 325–335. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-27800-9_28
López-Alt, A., Tromer, E., Vaikuntanathan, V.: On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. In: Proceedings of the Forty-Fourth Annual ACM Symposium on Theory of Computing, STOC 2012, pp. 1219–1234. ACM, New York (2012)
Lu, X., Au, M.H., Zhang, Z.: Raptor: a practical lattice-based (linkable) ring signature. Cryptology ePrint Archive, Report 2018/857 (2018). https://eprint.iacr.org/2018/857
Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738–755. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_43
Lyubashevsky, V., Micciancio, D.: Generalized compact knapsacks are collision resistant. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 144–155. Springer, Heidelberg (2006). https://doi.org/10.1007/11787006_13
Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 700–718. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_41
National Institute of Standards and Technology. Post-Quantum Cryptography Standardization (2017)
Noether, S.: Ring signature confidential transactions for Monero. Cryptology ePrint Archive, Report 2015/1098 (2015). https://eprint.iacr.org/2015/1098
Peikert, C.: An efficient and parallel Gaussian sampler for lattices. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 80–97. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_5
Peikert, C., Rosen, A.: Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 145–166. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_8
Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_32
Shacham, H., Waters, B.: Efficient ring signatures without random oracles. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 166–180. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71677-8_12
Shor, P.W.: Polynomial time algorithms for discrete logarithms and factoring on a quantum computer. In: Adleman, L.M., Huang, M.-D. (eds.) ANTS 1994. LNCS, vol. 877, p. 289. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-58691-1_68
Stehlé, D., Steinfeld, R.: Making NTRU as secure as worst-case problems over ideal lattices. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 27–47. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_4
Sun, S.-F., Au, M.H., Liu, J.K., Yuen, T.H.: RingCT 2.0: a compact accumulator-based (linkable ring signature) protocol for blockchain cryptocurrency Monero. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 456–474. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66399-9_25
Tsang, P.P., Au, M.H., Liu, J.K., Susilo, W., Wong, D.S.: A suite of non-pairing ID-based threshold ring signature schemes with different levels of anonymity (extended abstract). In: Heng, S.-H., Kurosawa, K. (eds.) ProvSec 2010. LNCS, vol. 6402, pp. 166–183. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16280-0_11
Tsang, P.P., Wei, V.K.: Short linkable ring signatures for e-voting, e-cash and attestation. In: Deng, R.H., Bao, F., Pang, H.H., Zhou, J. (eds.) ISPEC 2005. LNCS, vol. 3439, pp. 48–60. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-31979-5_5
Zhang, Z.: Raptor source code. https://github.com/zhenfeizhang/raptor
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Lu, X., Au, M.H., Zhang, Z. (2019). Raptor: A Practical Lattice-Based (Linkable) Ring Signature. In: Deng, R., Gauthier-Umaña, V., Ochoa, M., Yung, M. (eds) Applied Cryptography and Network Security. ACNS 2019. Lecture Notes in Computer Science, vol. 11464. Springer, Cham. https://doi.org/10.1007/978-3-030-21568-2_6
DOI: https://doi.org/10.1007/978-3-030-21568-2_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-21567-5
Online ISBN: 978-3-030-21568-2