Cryptology ePrint Archive: Report 2013/856

Tightly-Secure Signatures From Lossy Identification Schemes

Michel Abdalla and Pierre-Alain Fouque and Vadim Lyubashevsky and Mehdi Tibouchi

Abstract: In this paper we present three digital signature schemes with tight security reductions. Our first signature scheme is a particularly efficient version of the short exponent discrete log based scheme of Girault et al. (J. of Cryptology 2006). Our scheme has a tight reduction to the decisional Short Discrete Logarithm problem, while still maintaining the non-tight reduction to the computational version of the problem upon which the original scheme of Girault et al. is based. The second signature scheme we construct is a modification of the scheme of Lyubashevsky (Asiacrypt 2009) that is based on the worst-case hardness of the shortest vector problem in ideal lattices. And the third scheme is a very simple signature scheme that is based directly on the hardness of the Subset Sum problem.

We also present a general transformation that converts what we term lossy identification schemes into signature schemes with tight security reductions. We believe that this greatly simplifies the task of constructing and proving the security of such signature schemes.

Category / Keywords: public-key cryptography / Signature schemes, tight reductions, Fiat-Shamir

Original Publication (with major differences): IACR-EUROCRYPT-2012

Date: received 18 Dec 2013

Contact author: mehdi tibouchi at normalesup org

Available format(s): PDF | BibTeX Citation

Note: Full, corrected version of the extended abstract presented at EUROCRYPT 2012.

Version: 20131220:160708 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]