### Practical, Round-Optimal Lattice-Based Blind Signatures

##### Abstract

Blind signatures are a fundamental cryptographic primitive with numerous practical applications. While there exist many practical blind signatures from number-theoretic assumptions, the situation is far less satisfactory from post-quantum assumptions. In this work, we provide the first overall practical, lattice-based blind signature, supporting an unbounded number of signature queries and additionally enjoying optimal round complexity. We provide a detailed estimate of parameters achieved -- we obtain a signature of size slightly above 45KB, for a core-SVP hardness of 109 bits. The run-times of the signer, user and verifier are also very small. Our scheme relies on the Gentry, Peikert and Vaikuntanathan signature [STOC'08] and non-interactive zero-knowledge proofs for linear relations with small unknowns, which are significantly more efficient than their general purpose counterparts. Its security stems from a new and arguably natural assumption which we introduce, called the one-more-ISIS assumption. This assumption can be seen as a lattice analogue of the one-more-RSA assumption by Bellare et al [JoC'03]. To gain confidence in our assumption, we provide a detailed analysis of diverse attack strategies.

Available format(s)
Category
Public-key cryptography
Publication info
Published elsewhere. ACM CCS 2022
Keywords
Blind signatures practical round-optimal lattices
Contact author(s)
shweta a @ cse iitm ac in
elenakirshanova @ gmail com
damien stehle @ ens-lyon fr
History
2022-09-02: last of 3 revisions
See all versions
Short URL
https://ia.cr/2021/1565

CC BY

BibTeX

@misc{cryptoeprint:2021/1565,
author = {Shweta Agrawal and Elena Kirshanova and Damien Stehle and Anshu Yadav},
title = {Practical, Round-Optimal Lattice-Based Blind Signatures},
howpublished = {Cryptology ePrint Archive, Paper 2021/1565},
year = {2021},
note = {\url{https://eprint.iacr.org/2021/1565}},
url = {https://eprint.iacr.org/2021/1565}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.