Lattice-Based Digital Signatures

With the rapid development of information technology,the network has brought a lot of hidden dangers while providing people with a convenient life.Incidents such as personal privacy and leakage of sensitive data have made information security more and more important.As an important part of the public key cryptosystem,digital signatures can ensure the authenticity of the content of the sent messages,authenticate the identity of the sender,and prevent denial during the transaction process.At the same time,traditional public key systems based on large integer factorization and discrete logarithm problems will no longer be applicable due to the rapid development of quantum computers.Lattice problems allow worst case to average case reduction,and its operation is usually simple and efficient,so lattice-based cryptosystem has broad application prospects,and lattice-based digital signature scheme also emerges.In this paper,based on RSIS and RLWE,three signature schemes on prime cyclotomic rings are given.Although power-of-two rings are almost the dominant and preferred type of ring in all ring-based signature schemes,it has good properties,such as smaller expansion factors,higher scheme efficiency.Power-of-two rings have been obtained many relevant conclusions.However,due to the scarcity of such rings,the choice of the ring by the scheme is restricted.Therefore,in order to make the diversity of lattice signature scheme parameter selection,we study the signature based on prime cyclotomic rings in this paper.The main work of this article is as follows: 1.Inspired by Rukert's lattice-based blind signature scheme RBS,a blind signature scheme on prime cyclotomic rings is given.The scheme uses the Filtering lemma to limit the output of the private key to a smaller interval,so the output distribution of the signature has a higher probability to obey the uniform distribution in the interval,thereby hiding the information of the secret key.The security of the scheme is based on the difficulty of the collision problem,which satisfies blindness and one-more unforgeability in the random oracle model.2.Inspired by the lattice-based blind signature scheme BLAZE proposed by Nabil et al.,a blind signature scheme on prime cyclotomic rings is given.The scheme uses the rejection sampling lemma to output signatures with a certain probability,so the distribution of signatures may obey a certain probability distribution that is independent with the secret key,so as to hide the information of the secret key.Security of the scheme is based on RSIS and RLWE,which is blind and one-more unforgeable in the random oracle model.3.Finally,based on the work of Stehle et al.and Wang Xiaoyun et al.,a variant of NTRUSign is given based on the prime cyclotomic rings.Security of this scheme is based on RSIS,a difficult problem on lattices,and it is strongly existentially unforgeable against a chosen message attack in the random oracle model.