Vector and Functional Commitments from Lattices.

These assumptions are weaker than those for the previous lattice-based identification schemes of Micciancio and Vadhan [CRYPTO '03] and of Lyubashevsky [PKC '08]. ... We also construct eAEcient ad hoc anonymous identification schemes based on the lattice problems by modifying the variants. ... Acknowledgement The third author thanks Eiichiro Fujisaki for his inspiring question, which motivated us to combine Stern's protocol with lattice-based hash functions. ...

doi:10.1007/978-3-540-89255-7_23 fatcat:hsjuzltzcfetja4lprxvmjw2oe

POST-QUANTUM FUZZY COMMITMENT FUNCTION Let Α ∈ ℤ × be a matrix generated randomly and a vector ∈ ℤ chosen randomly. Let ⊆ {0,1} be the message space. ... For the random generation of an × 1 secret vector in , the combination of MATLAB functions rand and round are used. ...

doi:10.1109/access.2021.3100981 fatcat:vpc34nzaefcmbi5kectkdbmozm

DOAJ

In this paper we propose a scheme whose security relies on the existence of a commitment scheme and on the hardness of worst-case lattice problems. ... Therefore, having an efficient ID solution from lattices gives rise to a similarly efficient signature construction, keeping the same hardness assumption. ... The public key consists of an n-dimensional vector y = Ax mod q, the random matrix A, and a commitment function Com. ...

doi:10.2478/v10127-012-0038-4 fatcat:xt42dbd7dvg4lhycgdg7slux3e

Szczepanski

On the practical side, lattice cryptography has been shown to be very versatile, leading to an unprecedented variety of applications, from simple (and efficient) hash functions, to complex and powerful ... intuitive and appealing geometric interpretation in terms of point lattices. ... The construction of commitment schemes from lattices is very simple: in order to commit to a value represented by a short vector x, choose a short random vector r, and output f A (x, r), where matrix A ...

doi:10.1007/978-3-642-23082-0_7 fatcat:fwjkhdpxpvckzewi6bc3kpa3qi

This survey presents an overview and a comparative analysis of the state of art in post-quantum identification schemes based on lattices. ... Furthermore, we propose an adaptation of the HB family of identification in a lattice context. ... Commitment function(π(r)) 2.3 c 3 ← Commitment function(π(x + r)) 3. ...

doi:10.5486/pmd.2011.5311 fatcat:qynhz2ewlzaznnxbb4h6cclbuu

In this short paper, we provide our insights on constructing a lattice-based simulatable verifiable random function (sVRF) using non interactive zero knowledge arguments and dual-mode commitment schemes ... Lattice-based cryptography is evolving rapidly and is often employed to design cryptographic primitives that hold a great promise to be post-quantum resistant and can be employed in multiple application ... We are grateful to the anonymous reviewers for their insightful comments, suggestions, discussions and the new literature-directions provided. ...

doi:10.22667/jisis.2018.11.30.057 dblp:journals/jisis/BrunettaLM18 fatcat:y2vfafveezftljtg33beq3uh2u

DOAJ

From security perspective we also have improvements, because our scheme exhibits a worst-case to average-case reduction typical of lattice-based cryptosystems. ... Such gain is also maintained through the application of the Fiat-Shamir heuristics to derive signatures from our identification scheme. ... commitment function. ...

doi:10.1007/978-3-642-14712-8_16 fatcat:qxwi5lupm5fwlb4jzb7pzkvdpe

Döring, and R. Lindner. Efficiency improvement for NTRU. In A. Alkassar and J. H. Siekmann, editors, Sicherheit 2008: Sicherheit, Schutz und Zuverlässigkeit. Konferenzband der 4. ... The public key consists of an n-dimensional vector y = Ax mod q, the random matrix A, and a commitment function Com. ... It works as follows: Both parties agree on a deterministic commitment function Com from a suitable family. This can be be realized, e.g., with a trusted third party. ...

doi:10.1007/978-3-642-16280-0_1 fatcat:qphlhyww45avzim6wyo7bvnira

This paper presents a batch version of the lattice-based identification scheme known as CLRS. ... We use the hardness of a lattice problem, namely the Inhomogeneous Small Integer Solution problem (I-SIS), as security assumption. ... One possibility is to have the arguments from which the commitments assuming different values for the two challenges, but with similar images through the application of the function Com. ...

doi:10.1109/itw.2011.6089381 dblp:conf/itw/SilvaCL11 fatcat:ot5zcjzxfracdm3bcn6vregzkq

Interestingly, our proposal does not follow the framework established by Kiefer and Manulis and offers an alternate construction without homomorphic commitments. ... In this work, we construct the first post-quantum ZKPPC using lattice-based tools. ... The research is supported by Singapore Ministry of Education under Research Grant MOE2016-T2-2-014(S) and by NTU under Tier 1 grant RG143/14. ...

arXiv:1802.05004v1 fatcat:kjv243zjpzdjlbrloidua4cf4e

Interestingly, our proposal does not follow the framework established by Kiefer and Manulis and offers an alternate construction without homomorphic commitments. ... In this work, we construct the first post-quantum ZKPPC using lattice-based tools. ... The research is supported by Singapore Ministry of Education under Research Grant MOE2016-T2-2-014(S) and by NTU under Tier 1 grant RG143/14. ...

doi:10.1007/978-3-319-69659-1_6 fatcat:jwjf3mwq7zdc5mzub7oq4xygzu

Our first proof systems are for approximate versions of the Shortest Vector Problem (SVP) and Closest Vector Problem (CVP), where the witness is simply a short vector in the lattice or a lattice vector ... Our proof systems are in fact proofs of knowledge, and as a result, we immediately obtain efficient lattice-based identification schemes which can be implemented with arbitrary families of lattices in ... We are grateful to Oded Goldreich and Shafi Goldwasser for suggesting the problems on lattices. ...

doi:10.1007/978-3-540-45146-4_17 fatcat:wkzbwwspgzfflhwq7vdvuxxzyy

This paper presents a lattice mapping based fuzzy commitment method for cryptographic key generation from biometric data. ... This paper presents a lattice mapping based fuzzy commitment method for cryptographic key generation from biometric data. ... Lattice Mapping Based Fuzzy Commitment Fuzzy Commitment Scheme [4] Formally an n-bit commitment scheme consists of a function F : {0, 1} n × X → Y . ...

doi:10.1109/icpr.2006.423 dblp:conf/icpr/ZhengLZ06 fatcat:lralvfgjnrdabpdbna3txku3qi

More formally, for an approximation factor γ ≥ 1 and some 0 < ε < 1 (which may both be functions of the lattice dimension n), we define γ-GapSPP ε to be the promise problem in which YES instances are lattices ... from several perspectives. ... Intuitively, the vector w is binding to v if the noise is sufficiently short. To actually commit to a bit, the sender also samples a random hash function h, and commits to the hashed bit b = h(v). ...

doi:10.1109/ccc.2013.31 dblp:conf/coco/ChungDLP13 fatcat:rjb2enmta5eubacj75rd3t74gi

A malicious verifier poses herself as an honest verifier, engages in the protocol, deviates from the protocol, and tries to gain knowledge about the secret stored on the smart card. ... The main protocol is only secure against active attacks, but we present a modification based on trapdoor commitments that can resist concurrent attacks as well. ... The set of all integral linear combinations of these vectors, i.e., the set n i=1 x i b i | x i ∈ Z is called a lattice. b 1 , . . . , b n are the base vectors of the lattice, and the matrix B = [b 1 | ...

doi:10.1080/00207160.2015.1011629 fatcat:zr7akbtr5vbonkd6yw33j3p3di

Concurrently Secure Identification Schemes Based on the Worst-Case Hardness of Lattice Problems [chapter]

Preserved Fulltext

A Post-Quantum Fuzzy Commitment Scheme for Biometric Template Protection: An Experimental Study

Preserved Fulltext

Improved Zero-Knowledge Identification with Lattices

Preserved Fulltext

The Geometry of Lattice Cryptography [chapter]

Preserved Fulltext

Post-quantum cryptography: lattice identification schemes

Preserved Fulltext

Lattice-Based Simulatable VRFs: Challenges and Future Directions

Preserved Fulltext

A Lattice-Based Threshold Ring Signature Scheme [chapter]

Preserved Fulltext

Improved Zero-Knowledge Identification with Lattices [chapter]

Preserved Fulltext

A lattice-based batch identification scheme

Preserved Fulltext

Zero-Knowledge Password Policy Check from Lattices [article]

Preserved Fulltext

Zero-Knowledge Password Policy Check from Lattices [chapter]

Preserved Fulltext

Statistical Zero-Knowledge Proofs with Efficient Provers: Lattice Problems and More [chapter]

Preserved Fulltext

Cryptographic Key Generation from Biometric Data Using Lattice Mapping

Preserved Fulltext

On the Lattice Smoothing Parameter Problem

Preserved Fulltext

An efficient statistical zero-knowledge authentication protocol for smart cards

Preserved Fulltext