Signature schemes with efficient protocols and dynamic group signatures from lattice assumptions. (English) Zbl 1407.94136
Cheon, Jung Hee (ed.) et al., Advances in cryptology – ASIACRYPT 2016. 22nd international conference on the theory and application of cryptology and information security, Hanoi, Vietnam, December 4-8, 2016. Proceedings. Part II. Berlin: Springer. Lect. Notes Comput. Sci. 10032, 373-403 (2016).
Summary: A recent line of works – initiated by Gordon, Katz and Vaikuntanathan [S. D. Gordon et al., Asiacrypt 2010, Lect. Notes Comput. Sci. 6477, 395–412 (2010; Zbl 1253.94071)] – gave lattice-based constructions allowing users to authenticate while remaining hidden in a crowd. Despite five years of efforts, known constructions are still limited to static sets of users, which cannot be dynamically updated. This work provides new tools enabling the design of anonymous authentication systems whereby new users can join the system at any time.
Our first contribution is a signature scheme with efficient protocols, which allows users to obtain a signature on a committed value and subsequently prove knowledge of a signature on a committed message. This construction is well-suited to the design of anonymous credentials and group signatures. It indeed provides the first lattice-based group signature supporting dynamically growing populations of users.
As a critical component of our group signature, we provide a simple joining mechanism of introducing new group members using our signature scheme. This technique is combined with zero-knowledge arguments allowing registered group members to prove knowledge of a secret short vector of which the corresponding public syndrome was certified by the group manager. These tools provide similar advantages to those of structure-preserving signatures in the realm of bilinear groups. Namely, they allow group members to generate their own public key without having to prove knowledge of the underlying secret key. This results in a two-message joining protocol supporting concurrent enrollments, which can be used in other settings such as group encryption.
Our zero-knowledge arguments are presented in a unified framework where: (i) the involved statements reduce to arguing possession of a \(\{-1,0,1\}\)-vector \(\mathbf {x}\) with a particular structure and satisfying \(\mathbf {P}\cdot \mathbf {x} = \mathbf {v} \bmod q\) for some public matrix \(\mathbf {P}\) and vector \(\mathbf {v}\); (ii) the reduced statements can be handled using permuting techniques for Stern-like protocols. Our framework can serve as a blueprint for proving many other relations in lattice-based cryptography.
For the entire collection see [Zbl 1349.94006].

MSC:
94A60 Cryptography