Paper 2022/272

Quantum-Secure Aggregate One-time Signatures with Detecting Functionality

Shingo Sato and Junji Shikata

Abstract

An aggregate signature (ASIG) scheme allows any user to compress multiple signatures into a single short signature called an aggregate signature. A conventional ASIG scheme cannot detect which messages are invalid given an aggregate signature; an ASIG scheme with detecting functionality (D-ASIG) has the additional property that invalid messages can be identified from the aggregate signature. D-ASIG is therefore useful for reducing the total signature size transmitted over a channel. At the same time, quantum computing has advanced rapidly in recent years, yet all existing D-ASIG schemes are insecure against attacks that use quantum algorithms, which we call quantum attacks. In this paper, we propose a D-ASIG scheme that is quantum-secure, meaning secure in a quantum setting. To this end, we first introduce quantum-security notions for ASIGs and D-ASIGs, since no prior work defines such security notions for (D-)ASIGs. Second, we propose a lattice-based aggregate one-time signature scheme with detecting functionality, and prove that it satisfies our quantum-security notion in the quantum random oracle model and the certified key model. This scheme is thus the first quantum-secure D-ASIG.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Major revision. AINA 2022
Keywords
Aggregate signatures, Quantum-security
Contact author(s)
sato-shingo-zk @ ynu ac jp
shikata-junji-rb @ ynu ac jp
History
2022-03-02: received
Short URL
https://ia.cr/2022/272
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/272,
      author = {Shingo Sato and Junji Shikata},
      title = {Quantum-Secure Aggregate One-time Signatures with Detecting Functionality},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/272},
      year = {2022},
      url = {https://eprint.iacr.org/2022/272}
}