With the rapid development of quantum computers, signature schemes based on the large integer factorization problem, the discrete logarithm problem, and the bilinear pairing problem are no longer secure. Cryptographers have therefore proposed many kinds of cryptographic primitives that can resist quantum computer attacks. Lattice-based cryptography, as one of these primitives, has received more and more attention. Because lattice-based cryptography has a reduction between the worst case and the random (average) case, it has a strong security guarantee. Many excellent lattice-based schemes have been proposed in recent years, such as digital signature schemes and their applications. However, these schemes all have some problems to a greater or lesser degree, so how to build a more secure, efficient, and functional digital signature scheme is a very meaningful research topic. At the same time, many application scenarios currently cannot resist quantum attacks, so it also makes sense to extend lattice-based signatures to those scenarios. Based on hard lattice problems, we study different digital signature schemes and their applications from the aspects of security, scalability, efficiency, and application scenarios, and achieve the following research results:

(1) Some lattice-based blind signature schemes cannot resist malicious users and carry a risk of key leakage. To address this, we use the cascade technique to construct a new lattice-based identity-based proxy partially blind signature scheme, which solves the key leakage problem of previous schemes. At the same time, the partially blind structure solves the problem of malicious user attacks in fully blind signature schemes. Finally, under the standard model (SM), we prove the partial blindness of our scheme and its existential unforgeability under adaptive chosen message attacks (EUF-CMA).

(2) We design a lattice-based ring signature scheme with a fixed verification key. Compared with previous lattice-based ring signature schemes, our design has a fixed verification key size (the verification key does not grow with the number of members in the ring) and does not reveal the identity of the signer. At the same time, we propose an anonymous electronic voting scheme using our signature scheme and (,9)) threshold scheme, which makes up for the deficiency that current anonymous electronic voting schemes cannot resist quantum computer attacks. Finally, under SM, we show that our signature scheme is anonymous under full key exposure and unforgeable against internal corruption. In addition, we briefly analyze the security of our anonymous electronic voting scheme.

(3) Most existing proxy re-signature schemes are not resistant to collusion attacks. We therefore construct a proxy re-signature scheme using the dual-modulus technique and a lattice structure. The dual-modulus technique ensures that our scheme resists various collusion attacks, and the lattice structure guarantees that our scheme is secure in the post-quantum era. Compared to previous schemes, our scheme is unidirectional and certificateless, is secure in the post-quantum era, does not require key escrow, prevents man-in-the-middle attacks, and can resist collusion between proxy and delegatee as well as between proxy and delegator. Furthermore, our scheme is unidirectional and thus has better privacy. Finally, under the random oracle model (ROM), we prove that our scheme is EUF-CMA secure against external attackers and the internal Key Generation Center (KGC).

(4) Ring signatures have large storage requirements (key escrow), have some security risks, and cannot avoid a malicious KGC in the post-quantum era. To address these problems, and building on our previous ring signature scheme, we design a lattice-based certificateless ring signature scheme. Compared with previous lattice-based ring signature schemes, our design has small storage requirements (no key escrow), can avoid a malicious KGC, and has higher security and efficiency in the post-quantum era. Finally, under ROM, we prove that our scheme is anonymous under full key exposure and EUF-CMA secure against external attackers and the internal KGC.

(5) Homomorphic signatures are an extremely important public-key authentication technique for defending network coding against pollution attacks. However, previous homomorphic signature schemes have many problems: they require key escrow, cannot resist a malicious KGC, and are insecure in the post-quantum era. We therefore propose a lattice-based certificateless linearly homomorphic signature scheme (CLHS). In our scheme, the certificateless structure avoids key escrow and a malicious KGC, and the lattice structure ensures that our scheme is secure in the post-quantum era. Compared with previous schemes, our scheme has smaller storage requirements (no key escrow), can avoid a malicious KGC, is more secure in the post-quantum era, and has higher signature efficiency. At the same time, our scheme is more suitable for network coding. Finally, under ROM, we prove that our scheme is weakly context hiding and EUF-CMA secure against external attackers and the internal KGC.