Paper 2025/356

Lattice-based Proof-Friendly Signatures from Vanishing Short Integer Solutions

Abstract

Efficient anonymous credentials are typically constructed by combining proof-friendly signature schemes with compatible zero-knowledge proof systems. Inspired by pairing-based proof-friendly signatures such as Boneh- Boyen (BB) and Boneh-Boyen-Shacham (BBS), we propose a wide family of lattice-based proof-friendly signatures based on variants of the vanishing short integer solution (vSIS) assumption [Cini-Lai-Malavolta, Crypto'23]. In particular, we obtain natural lattice-based adaptions of BB and BBS which, similar to their pairing-based counterparts, admit nice algebraic properties. [Bootle-Lyubashevsky-Nguyen-Sorniotti, Crypto'23] (BLNS) recently proposed a framework for constructing lattice-based proof-friendly signatures and anonymous credentials, based on another new lattice assumption called $$ parametrised by a fixed function $$, with focus on $$ being the binary decomposition. We introduce a generalised $$ framework, called $$, with a keyed and probabilistic function $$. For example, picking $$ with key $$ for short ring element $$ leads to algebraic and thus proof-friendly signatures. To better gauge the robustness and proof-friendliness of $$, we consider what happens when the inputs to $$ are chosen selectively (or even adaptively) by the adversary, and the behaviour under relaxed norm checks. While bit decomposition quickly becomes insecure, our proposed function families seem robust.