Research On Digital Signature Technology Based On Ring-LWR Problem

After the advent of the quantum computer model,the traditional public key cryptographic has not reached the security strength we need,and it is ceases to be safe.The lattice-based cryptographic scheme is one of many cryptographic construction methods with anti-quantum properties,and almost all commonly used cryptographic mechanisms can be realized through the lattice theory.Therefore,in recent years,people in the field of cryptography have conducted extensive research on the construction and application of lattice cryptography.As one of the commonly used cryptographic mechanisms,digital signatures are used to authenticate network information and ensure the security of information interaction.Its ability to resist quantum attacks is of particular importance.With the continuous development of lattice cryptography theory,there are many different types of digital signature schemes based on lattice theory,but they are roughly classified into two types.The first is a digital signature method based on the trapdoor structure on the lattice,and the second method is to construct a lattice-based signature without using trapdoors.This paper mainly be focuses on the research of constructing lattice signature methods without using trapdoors.Based on the assumption of small polynomial ratio uniformity and the difficult problem of Ring-LWR,two different lattice signature schemes are proposed to improve the shortcoming of the current types of schemes that need rejection sampling.1.In the existing scheme construction,since the distribution of signature values will expose the norm information of the private key,these schemes protect the private key by refusing to output some signature values that will expose the private key information,which is extremely effective.However,the probability of signature output is just one third,which greatly reduces the efficiency of signature.Scheme one redesigned the existing lattice signature scheme by studying the primarly El Gamal signature scheme and the TESLA series scheme.By changing the calculation method of the signature value,the probability distribution of the signature value is directly changed.The probability distribution of the improved scheme can ensure that the adversary cannot obtain part of the private key information even though a large amount of data for statistics.In order to achieve this goal,we changed the method of public and private keys and random number generation to ensure the signature scheme is unforgeable under chosen-message attack.At the same time,we confirm that our scheme is safe through security analysis and proof of security.2.Scheme two is our direct improvement of the Ring-TESLA.We retained the original signature generation method and the construction concept of the scheme,and improved the scheme based on the learning of rejection sampling and adversary attack methods.Rejection sampling is often used because the adversary will collect enough signature pairs to detect the difference between the random number norm distribution and the signature value norm distribution,that is,check how much the norm of the signature value is usually larger than the norm of the random value,so as to obtain users norm information of the private key.In the scheme,we disrupt the norm distribution by randomly reducing the norm of the signature value,so that the adversary's attack method is invalid,so as to avoid using rejection sampling.To do this and at the same time ensure that the signature can be verified correctly,we need to generate a public key based on a variation of the assumption of decisional small polynomial ratio.Despite our higher requirements on the public key,we can still guarantee the signature scheme is unforgeable under chosen-message attack.