Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Asymptotically Efficient Lattice-Based Digital Signatures

Asymptotically Efficient Lattice-Based Digital Signatures We present a general framework that converts certain types of linear collision-resistant hash functions into one-time signatures. Our generic construction can be instantiated based on both general and ideal (e.g., cyclic) lattices, and the resulting signature schemes are provably secure based on the worst-case hardness of approximating the shortest vector (and other standard lattice problems) in the corresponding class of lattices to within a polynomial factor. When instantiated with ideal lattices, the time complexity of the signing and verification algorithms, as well as key and signature size, is almost linear (up to poly-logarithmic factors) in the dimension n of the underlying lattice. Since no sub-exponential (in n) time algorithm is known to solve lattice problems in the worst case, even when restricted to ideal lattices, our construction gives a digital signature scheme with an essentially optimal performance/security trade-off. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Journal of Cryptology Springer Journals

Asymptotically Efficient Lattice-Based Digital Signatures

Download PDF
24 pages

Loading next page...
 
/lp/springer_journal/asymptotically-efficient-lattice-based-digital-signatures-lVitWKiJ1J
Publisher
Springer Journals
Copyright
Copyright © 2017 by International Association for Cryptologic Research
Subject
Computer Science; Coding and Information Theory; Computational Mathematics and Numerical Analysis; Combinatorics; Probability Theory and Stochastic Processes; Communications Engineering, Networks
ISSN
0933-2790
eISSN
1432-1378
DOI
10.1007/s00145-017-9270-z
Publisher site
See Article on Publisher Site

Abstract

We present a general framework that converts certain types of linear collision-resistant hash functions into one-time signatures. Our generic construction can be instantiated based on both general and ideal (e.g., cyclic) lattices, and the resulting signature schemes are provably secure based on the worst-case hardness of approximating the shortest vector (and other standard lattice problems) in the corresponding class of lattices to within a polynomial factor. When instantiated with ideal lattices, the time complexity of the signing and verification algorithms, as well as key and signature size, is almost linear (up to poly-logarithmic factors) in the dimension n of the underlying lattice. Since no sub-exponential (in n) time algorithm is known to solve lattice problems in the worst case, even when restricted to ideal lattices, our construction gives a digital signature scheme with an essentially optimal performance/security trade-off.

Journal

Journal of CryptologySpringer Journals

Published: Oct 30, 2017

References

  • New directions in cryptography
    Diffie, W; Hellman, ME
  • A digital signature scheme secure against adaptive chosen-message attacks
    Goldwasser, S; Micali, S; Rivest, RL
  • Efficient cryptographic schemes provably as secure as subset sum
    Impagliazzo, R; Naor, M
  • Generalized compact knapsacks are collision resistant
    Lyubashevsky, V; Micciancio, D