2018
DOI: 10.1007/978-3-030-01950-1_18
|View full text |Cite
|
Sign up to set email alerts
|

Towards Practical Lattice-Based One-Time Linkable Ring Signatures

Abstract: We present a practical construction of an additively homomorphic commitment scheme based on structured lattice assumptions, together with a zero-knowledge proof of opening knowledge. Our scheme is a design improvement over the previous work of Benhamouda et al. in that it is not restricted to being statistically binding. While it is possible to instantiate our scheme to be statistically binding or statistically hiding, it is most efficient when both hiding and binding properties are only computational. This re… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
49
0

Year Published

2019
2019
2020
2020

Publication Types

Select...
6
2

Relationship

0
8

Authors

Journals

citations
Cited by 52 publications
(49 citation statements)
references
References 50 publications
0
49
0
Order By: Relevance
“…More concretely we use the ring R q = Z q [X]/(X 256 + 1), where q = 8380417. The parameters of the MLWE problem are (k, l) = (3,4) and the coefficients of the LWE secrets are sampled uniformly from [−6, 6]. In our implementation we use the optimization by Bai and Galbraith [2].…”
Section: Parameter Selection Implementation Results and Conclusionmentioning
confidence: 99%
See 2 more Smart Citations
“…More concretely we use the ring R q = Z q [X]/(X 256 + 1), where q = 8380417. The parameters of the MLWE problem are (k, l) = (3,4) and the coefficients of the LWE secrets are sampled uniformly from [−6, 6]. In our implementation we use the optimization by Bai and Galbraith [2].…”
Section: Parameter Selection Implementation Results and Conclusionmentioning
confidence: 99%
“…) proving knowledge of (s I , I) ∈ S 1 ×[N ], such that s I X 0 = X I . 4 We sketch the description of our base OR sigma protocol Π RS-base Σ . First, the prover samples an element r uniformly from S 2 , and computes R i = r X i for all i ∈ [N ].…”
Section: From An Admissible Group Action To Base or Sigma Protocolmentioning
confidence: 99%
See 1 more Smart Citation
“…In 2018, Boyen and Haines [5] put forward a LRS scheme, which uses an n-time one-way private key update mechanism based on n-times multi-linear mapping. Baum et al [4] proposed a LRS scheme, the security is based on difficult questions on lattices.…”
Section: A Related Workmentioning
confidence: 99%
“…These two schemes achieved unconditional anonymity. In 2018, Baum et al [3] presented a LRS scheme by a lattice-based collision-resistant hash function. Boyen and Haines [4] proposed a LRS scheme that implements forward-secure key updates and unconditional anonymity.…”
Section: A Related Workmentioning
confidence: 99%