Paper 2017/1123

Relaxed Lattice-Based Signatures with Short Zero-Knowledge Proofs

Cecilia Boschini, Jan Camenisch, and Gregory Neven


Higher-level cryptographic privacy-enhancing protocols such as anonymous credentials, voting schemes, and e-cash are often constructed by suitably combining signature, commitment, and encryption schemes with zero-knowledge proofs. Indeed, a large body of protocols have been constructed in that manner from Camenisch-Lysyanskaya signatures and generalized Schnorr proofs. In this paper, we build a similar framework for lattice-based schemes by presenting a signature and commitment scheme that are compatible with Lyubashevsky's Fiat-Shamir proofs with abort, currently the most efficient zero-knowledge proofs for lattices. To cope with the relaxed soundness guarantees of these proofs, we define corresponding notions of relaxed signature and commitment schemes. We demonstrate the flexibility and efficiency of our new primitives by constructing a new lattice-based anonymous attribute token scheme and providing concrete parameters to securely instantiate this scheme.

Available format(s)
Public-key cryptography
Publication info
Preprint. MINOR revision.
Latticessigma protocolsanonymous attribute tokensgroup signaturesprivacy enhancing protocols
Contact author(s)
bos @ zurich ibm com
2017-11-24: received
Short URL
Creative Commons Attribution


      author = {Cecilia Boschini and Jan Camenisch and Gregory Neven},
      title = {Relaxed Lattice-Based Signatures with Short Zero-Knowledge Proofs},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1123},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.