An accumulator is a function that hashes a set of inputs into a short, constant-size string while preserving the ability to efficiently prove the inclusion of a specific input element in the hashed set. It has proved useful in the design of numerous privacy-enhancing protocols, in order to handle revocation or simply prove set membership. In the lattice setting, currently known instantiations of the primitive are based on Merkle trees, which do not interact well with zero-knowledge proofs. In order to efficiently prove the membership of some element in a zero-knowledge manner, the prover has to demonstrate knowledge of a hash chain without revealing it, which is not known to be efficiently possible under well-studied hardness assumptions. In this paper, we provide an efficient method of proving such statements using involved extensions of Stern's protocol. Under the Small Integer Solution assumption, we provide zero-knowledge arguments showing possession of a hash chain. As an application, we describe new lattice-based group and ring signatures in the random oracle model. In particular, we obtain: (i) The first lattice-based ring signatures with logarithmic size in the cardinality of the ring; (ii) The first lattice-based group signature that does not require any GPV trapdoor and thus allows for a much more efficient choice of parameters.
Abstract. Support of membership revocation is a desirable functionality for any group signature scheme. Among the known revocation approaches, verifier-local revocation (VLR) seems to be the most flexible one, because it only requires the verifiers to possess some up-to-date revocation information, but not the signers. All of the contemporary VLR group signatures operate in the bilinear map setting, and all of them will be insecure once quantum computers become a reality. In this work, we introduce the first lattice-based VLR group signature, and thus, the first such scheme that is believed to be quantum-resistant. In comparison with existing lattice-based group signatures, our scheme has several noticeable advantages: support of membership revocation, logarithmic-size signatures, and weaker security assumption. In the random oracle model, our scheme is proved to be secure based on the hardness of the $\mathrm{SIVP}_{O(n^{1.5})}$ problem in general lattices, an assumption that is as weak as those of state-of-the-art lattice-based standard signatures. Moreover, our construction works without relying on encryption schemes, which is an intriguing feature for group signatures.
Abstract. In all existing efficient proofs of knowledge of a solution to the infinity norm Inhomogeneous Small Integer Solution ($\mathrm{ISIS}^{\infty}$) problem, the knowledge extractor outputs a solution vector that is only guaranteed to be O(n) times longer than the witness possessed by the prover. As a consequence, in many cryptographic schemes that use these proof systems as building blocks, there exists a gap between the hardness of solving the underlying $\mathrm{ISIS}^{\infty}$ problem and the hardness underlying the security reductions. In this paper, we generalize Stern's protocol to obtain two statistical zero-knowledge proofs of knowledge for the $\mathrm{ISIS}^{\infty}$ problem that remove this gap. Our result yields the potential of relying on weaker security assumptions for various lattice-based cryptographic constructions. As applications of our proof system, we introduce a concurrently secure identity-based identification scheme based on the worst-case hardness of the $\mathrm{SIVP}_{O(n^{1.5})}$ problem (in the $\ell_2$ norm) in general lattices in the random oracle model, and an efficient statistical zero-knowledge proof of plaintext knowledge with small constant gap factor for Regev's encryption scheme.
Abstract. We introduce a lattice-based group signature scheme that provides several noticeable improvements over the contemporary ones: simpler construction, weaker hardness assumptions, and shorter sizes of keys and signatures. Moreover, our scheme can be transformed into the ring setting, resulting in a scheme based on ideal lattices, in which the public key and signature both have bitsize O(n·log N), for security parameter n, and for group of N users. Towards our goal, we construct a new lattice-based cryptographic tool: a statistical zero-knowledge argument of knowledge of a valid message-signature pair for Boyen's signature scheme (Boyen, PKC'10), which potentially can be used as the building block to design various privacy-enhancing cryptographic constructions.
A recent line of works, initiated by Gordon, Katz and Vaikuntanathan (Asiacrypt 2010), gave lattice-based realizations of privacy-preserving protocols allowing users to authenticate while remaining hidden in a crowd. Despite five years of efforts, known constructions remain limited to static populations of users, which cannot be dynamically updated. For example, none of the existing lattice-based group signatures seems easily extendable to the more realistic setting of dynamic groups. This work provides new tools enabling the design of anonymous authentication systems whereby new users can register and obtain credentials at any time. Our first contribution is a signature scheme with efficient protocols, which allows users to obtain a signature on a committed value and subsequently prove knowledge of a signature on a committed message. This construction, which builds on the lattice-based signature of Böhl et al. (Eurocrypt'13), is well-suited to the design of anonymous credentials and dynamic group signatures. As a second technical contribution, we provide a simple, round-optimal joining mechanism for introducing new members in a group. This mechanism consists of zero-knowledge arguments allowing registered group members to prove knowledge of a secret short vector of which the corresponding public syndrome was certified by the group manager. This method provides similar advantages to those of structure-preserving signatures in the realm of bilinear groups. Namely, it allows group members to generate their public key on their own without having to prove knowledge of the underlying secret key. This results in a two-round join protocol supporting concurrent enrollments, which can be used in other settings such as group encryption.
Nanotechnology aims to produce and manipulate well-defined structures at the nanoscale level with high accuracy. However, it has become quite clear in recent years that conventional "top-down" approaches are beset with perhaps insurmountable experimental difficulties owing to various physical effects that are not easily scalable, and most importantly, because of the cost issues associated with nanoscale fabrication processes. This state of affairs has led to great interest in the development of new methodologies based on bottom-up approaches. In this context, the DNA motif is of particular interest because of its unique intra- and intermolecular recognition properties. In particular, DNA has already been extensively used to construct nanostructures, [1,2] biomolecule/nanoparticle conjugates, and scaffolds for the assembly of nanoparticles. [3][4][5][6][7] The use of DNA for the assembly of devices can also be easily envisioned. Our goal is to use DNA not only as a positioning scaffold for nanodevices, but also as a support for the conducting element. For this purpose, we have developed a novel approach to metallize DNA molecules that have been previously deposited on a dry substrate in a typical nanodevice configuration. Several methods have been developed to metallize DNA scaffolds over the last 10 years, [8] and different metals have been used in the metallization process. One of the most common approaches involves ion-exchange on the DNA backbone for the deposition of silver [9,10] or copper. [11] Alternatively, positively charged gold nanoparticles have been deposited on DNA via electrostatic interactions with the negatively charged DNA backbone. [12,13] In another approach, Pt [14][15][16][17][18][19][20][21] and Pd [22][23][24][25][26][27] complexes have been extensively used for metallizing DNA based on the insertion of metal complexes between the DNA bases.
Most DNA electroless-plating metallization techniques use a sequence of three main steps. [8] The first step consists of the binding of metal ions or metal complexes to DNA strands to create reactive metal sites. This step is usually called the activation step and is based either on exchanging ions into the DNA backbone, [9,10] or the insertion of metal complexes between the DNA bases. [14][15][16][17][18][19][20][21][22][23][24][25][26][27] In the second step, the reactive metal sites are usually treated with a reducing agent. This converts the metal ions or metal complexes into metal nanoclusters fixed onto the DNA strand. The third step of the metallization process consists of the autocatalytic growth of these affixed metal nanoclusters, which are now able to act as seeds because of the simultaneous presence of both metal-ions/metal-complexes as well as reducing agents in the growth solution. Previous reports in the literature have illustrated the growth of metallic Pd nanowires by this approach. [20][21][22][23][24][25][26][27] However, the major drawback of this fabrication method is the fast kinetics of the growth reaction. Reducing agents dissolved...
Abstract. In this paper, we present an identity-based encryption (IBE) scheme from lattices with efficient key revocation. We adopt multiple trapdoors from the Agrawal-Boneh-Boyen and Gentry-Peikert-Vaikuntanathan lattice IBE schemes to realize key revocation, which in turn, makes use of a binary-tree data structure. Using our scheme, key update requires logarithmic complexity in the maximal number of users and linear in the number of revoked users for the relevant key authority. We prove that our scheme is selectively secure in the standard model and under the LWE assumption, which is as hard as the worst-case approximating short vectors on arbitrary lattices. Moreover, our key revocation techniques from lattices can be applied to obtain revocable functional encryption schemes in the similar setting.