Our scheme relies on the Gentry, Peikert and Vainkuntanathan signature [STOC’08] and non-interactive zero-knowledge proofs for linear relations with small unknowns, which are significantly more efficient than their general purpose counterparts. Its security stems from a new and arguably natural assumption which we introduce: one-more-ISIS. This assumption can be seen as a lattice analogue of the one-more-RSA assumption by Bellare et al [JoC’03]. To gain confidence, we provide a detailed overview of diverse attack strategies.
Category / Keywords: public-key cryptography / Blind signatures, practical, round-optimal, lattices Date: received 29 Nov 2021, last revised 16 Mar 2022 Contact author: shweta a at cse iitm ac in, elenakirshanova at gmail com, damien stehle at ens-lyon fr, anshu yadav06 at gmail com Available format(s): PDF | BibTeX Citation Note: This version does not contain one of the constructions from the earlier version. That construction has been substantially improved and will appear as a separate report. Version: 20220316:143808 (All versions of this report) Short URL: ia.cr/2021/1565