Improved Zero-Knowledge Proofs of Knowledge for the ISIS Problem, and Applications

Ling, San; Nguyen, Khoa; Stehlé, Damien; Wang, Huaxiong

doi:10.1007/978-3-642-36362-7_8

Cited by 127 publications

(137 citation statements)

References 45 publications

Supporting

Mentioning

137

Contrasting

Order By: Relevance

“…Ling et al [25] proposed a Stern-type zero-knowledge proof of knowledge for the ISIS ∞ n,m,q,β problem that enjoys a strong security guarantee: the best way to break their protocol is to solve the underlying ISIS problem. They achieve this feature by using a versatile Decomposition-Extension framework.…”

Section: The Decomposition -Extension Techniquementioning

confidence: 99%

“…To prove that he is a certified group member without leaking z, the user can perform a proof of knowledge (e.g., [30,26,25]) to convince the verifier that he knows such a vector z in zero-knowledge.…”

Section: Introductionmentioning

confidence: 99%

“…. , ℓ, one of the two blocks x 0 i , x 1 i must be zero, where the arrangement of the zero-blocks is determined by d. To prove in zero-knowledge the possession of such a vector x, we adapt the 'Stern Extension' proof system from [25], where the user identity d is hidden by a "one-time pad" technique. This technique is as follows.…”

Section: Introductionmentioning

confidence: 99%

“…Putting everything together, we obtain a lattice-based VLR group signature that has several nice features, as mentioned earlier. In the process, we exploit the rich structure of the Bonsai tree [14], and the versatility of the "Stern Extension" proof system [25]. We also employ a special "one-time pad" technique, and a novel revocation mechanism.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

A lattice-based group signature scheme with verifier-local revocation

Ling

Nguyen

Roux-Langlois

et al. 2018

Theoretical Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Support of membership revocation is a desirable functionality for any group signature scheme. Among the known revocation approaches, verifier-local revocation (VLR) seems to be the most flexible one, because it only requires the verifiers to possess some up-to-date revocation information, but not the signers. All of the contemporary VLR group signatures operate in the bilinear map setting, and all of them will be insecure once quantum computers become a reality. In this work, we introduce the first lattice-based VLR group signature, and thus, the first such scheme that is believed to be quantum-resistant. In comparison with existing lattice-based group signatures, our scheme has several noticeable advantages: support of membership revocation, logarithmic-size signatures, and weaker security assumption. In the random oracle model, our scheme is proved to be secure based on the hardness of the SIVP O(n 1.5 ) problem in general lattices -an assumption that is as weak as those of state-of-the-art lattice-based standard signatures. Moreover, our construction works without relying on encryption schemes, which is an intriguing feature for group signatures.

show abstract

Section: The Decomposition -Extension Techniquementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A lattice-based group signature scheme with verifier-local revocation

Ling

Nguyen

Roux-Langlois

et al. 2018

Theoretical Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, the asymptotic efficiency does not come to the front when the underlying set has small, constant size. Here, we employ a different approach, which has linear complexity but is technically simpler and practically more efficient, based on the extend-then-permute technique for Stern's protocol, suggested by Ling et al [37]. Finally, we use a general framework for Stern-like protocols, put forward by Libert et al [34], to combine all of our sub-protocols for set membership and obtain a ZKPPC protocol.…”

Section: Introductionmentioning

confidence: 99%

Zero-Knowledge Password Policy Check from Lattices

Nguyen

Tan

Wang

2017

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Passwords are ubiquitous and most commonly used to authenticate users when logging into online services. Using high entropy passwords is critical to prevent unauthorized access and password policies emerged to enforce this requirement on passwords. However, with current methods of password storage, poor practices and server breaches have leaked many passwords to the public. To protect one's sensitive information in case of such events, passwords should be hidden from servers. Verifier-based password authenticated key exchange, proposed by Bellovin and Merrit (IEEE S&P, 1992), allows authenticated secure channels to be established with a hash of a password (verifier). Unfortunately, this restricts password policies as passwords cannot be checked from their verifier. To address this issue, Kiefer and Manulis (ESORICS 2014) proposed zero-knowledge password policy check (ZKPPC). A ZKPPC protocol allows users to prove in zero knowledge that a hash of the user's password satisfies the password policy required by the server. Unfortunately, their proposal is not quantum resistant with the use of discrete logarithm-based cryptographic tools and there are currently no other viable alternatives. In this work, we construct the first post-quantum ZKPPC using lattice-based tools. To this end, we introduce a new randomised password hashing scheme for ASCII-based passwords and design an accompanying zero-knowledge protocol for policy compliance. Interestingly, our proposal does not follow the framework established by Kiefer and Manulis and offers an alternate construction without homomorphic commitments. Although our protocol is not ready to be used in practice, we think it is an important first step towards a quantum-resistant privacy-preserving password-based authentication and key exchange system.

show abstract

Efficient Group Signature Scheme Over NTRU Lattice

Yang

Yan

et al. 2018

Cloud Computing and Security

View full text Add to dashboard Cite

Improved Zero-Knowledge Proofs of Knowledge for the ISIS Problem, and Applications

Cited by 127 publications

References 45 publications

A lattice-based group signature scheme with verifier-local revocation

A lattice-based group signature scheme with verifier-local revocation

Zero-Knowledge Password Policy Check from Lattices

Efficient Group Signature Scheme Over NTRU Lattice

Contact Info

Product

Resources

About