Towards Practical Lattice-Based One-Time Linkable Ring Signatures [chapter]

Carsten Baum, Huang Lin, Sabine Oechsner
2018 Lecture Notes in Computer Science  
We present an additively homomorphic commitment scheme with hardness based on the Ring-SIS problem. Our construction is statistically hiding as well as computationally binding and allows to commit to a vector of ring elements at once. We define the ring SIS problem in the canonical embedding (rather than in the standard polynomial representation) and this allows us to get a stronger connection between breaking our binding property and known worst case results in ideal lattices. We show how to
more » ... stantiate efficient zero-knowledge protocols that can be used to prove a number of relations among these commitments, and apply these in the context of lattice-based threshold cryptosystems: we give a generic transformation that can be used with certain (Ring-)LWEbased encryption schemes to make their algorithms actively secure. We show how this transformation can be used to implement distributed decryption with malicious security as well as maliciously secure threshold key generation in an efficient way.
doi:10.1007/978-3-030-01950-1_18 fatcat:ymdodcwgvzeutgenjzqi4g4omu