[PDF] Top 20 Towards Practical Lattice-Based One-Time Linkable Ring Signatures

... (Linkable) Ring Signature Schemes. There exists a wealth of literature on ring signature and linkable ring signature schemes such as [40, 16, 27, 6, 17] and we only list some of the ... See full document

... Linkable Ring Signature (LRS) primitive is receiving attention thanks to its dis- tinguishing capabilities of anonymously detecting if two linkable ring signatures are being signed by ... See full document

... of lattice-based signature schemes like the GLP [16], BLISS [13] and Ring-Tesla [2] schemes that follow the Fiat-Shamir ...of lattice-based digital signature ...attack based on ... See full document

... structured lattice-based cryptography, as they enjoy well-understood algebraic properties and leads to to efficient implementa- ...same time, the signature length jumps from 617 Bytes to 1233 Bytes. ... See full document

... for which we can build a ZKPoK showing that the commitment is to an element in this set. 1 An application of our new proof system is towards constructing more practical lattice-based group ... See full document

... of lattice-based group signatures raises several interesting open ...questions. One of them is whether it is possible to design a scheme in the BMW model that simultaneously achieves signature ... See full document

... range of functionalities, all of them have very long signature sizes that seem too large for practical use. Our new technical tools developed in Section 3 intro- duce new directions for efficient applications of ... See full document

... was based on CryptoNote, which uses ring signatures and one-time keys to hide the destination and origin of ...of ring signature, A Multi-layered Linkable Spontaneous ... See full document

... a ring signature is a type of digital signature that can be performed by any member of a group of users that each have ...a ring signature is endorsed by someone in a particular group of ...people. ... See full document

... Classical ring signatures We review the existing constructions of (linkable) ring ...is based on one-way trapdoor permutations along with a block ...a ring signature ... See full document

... non-negligible. Towards this end, we define a condition called (, δ)-Hiding and then prove that if the domains of the hash function, key space, and message space satisfy this requirement for a constant and a δ ... See full document

... the time spent on the SHAKE call by DeterministicSample is vulnerable to the ...execution time, thus approximately 19 % of random faults anywhere during signing lead to key ... See full document

... all signatures can be produced independently by running the signing algorithm on input the secret key and message to be ...same time also improves the tightness of the reduction,) almost matching the ... See full document

... Finally, we prototype our constructions in a resource-constrained environ- ment by implementing those on a Raspberry Pi. We find that the performance of the proposed constructions is comparable to other prominent ... See full document

... schemes based on the notion of ac- cumulator with one-way domain, an extension of crypto- graphic ...accumulator based on bilinear pairings to design ID- based ad-hoc anonymous identification ... See full document

... extra generators in gk are chosen by the reduction algorithm.) Such an extension is in particular needed when the TOS is coupled with other signature schemes whose mes- sage space is structured as above. Indeed, it is ... See full document

... ECC based digital signature implementa- tions face a potential catastrophic vulnerability in the face of quantum ...) time. On one hand, quantum computer development is still at its infancy and the ... See full document

... Abstract: Efficient member revocation and strong security against attacks are prominent requirements in group signature schemes. Among the revocation approaches Verifier-local revocation is the most flexible and ... See full document

... Polynomial Ring) is a lattice-based public key cryptosystem which was presented by Jeffrey Hoffstein, Jill Pipher and Joseph ...polynomial ring with integer coefficients. Due to its ... See full document

... trees signatures is to consider a caching ...store one OTS per layer of subtrees, and refresh them each time the signing algorithm discovers a new ... See full document