
Identity-Based Signature and Extended Forking Algorithm in the Multivariate Quadratic Setting

  • Conference paper
  • In: Progress in Cryptology – INDOCRYPT 2021 (INDOCRYPT 2021)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13143)

Abstract

We propose a provably secure Identity-Based Signature (IBS) scheme in the multivariate quadratic (MQ) setting. Our construction uses the 3-pass identification scheme (IDS) and the salted-UOV scheme of Sakumoto et al. (CRYPTO 2011 and PQCrypto 2011, respectively). The main technical tool in our security reduction is a further generalization of the Forking Lemma of Bellare and Neven (CCS 2006). The forking algorithm of Bellare-Neven cannot be applied directly in our context, because the reduction has to simulate two random oracles, one of which must be programmed to embed the challenge supplied in the problem instance. Our formulation of the forking algorithm uses an encoding technique that satisfies all the requirements of the security reduction. To the best of our knowledge, the algorithm introduced here is the first formulation of forking in a nonlinear setting. This abstraction is likely of independent interest, in particular for arguing the security of signature schemes in the MQ setting.


Notes

  1. If the public map \(\mathcal {P}\) used in the 3-pass IDS is taken to be a UOV public map, then this lemma relies on the WMQ problem.

  2. For concreteness, we present the extended forking algorithm using only an instance of the WMQ problem. The same algorithm also works for similar kinds of problem instance. It would be interesting to find applications that rely on problems other than the WMQ problem.

  3. In [SSH11b], the authors also proposed a 5-pass IDS whose knowledge error is considerably smaller than that of the 3-pass variant. The number of parallel rounds needed to build a signature scheme from the 5-pass IDS is therefore expected to be significantly smaller than for its 3-pass counterpart, which suggests that a signature based on the 5-pass IDS would be more efficient. However, [KZ20] showed a forgery attack on MQDSS [CHR+16], a signature scheme based on this 5-pass IDS. Compensating for this attack requires larger parameters, so that at the same security level the 5-pass IDS is no longer more efficient than its 3-pass variant. The 3-pass IDS, on the other hand, is well understood and structurally simpler, and thus appears to be the better choice.

  4. Note that this is not unique to the MQ setting: [BNN09] itself observed that its framework does not encompass all candidate schemes.

  5. Recall that \({\boldsymbol{y}}\) is treated here as an index, i.e., a positive integer.

  6. This probability does not include any non-negligible advantage due to the knowledge error \((2/3)^r\) (cf. Lemma 3) of the underlying \(\mathsf{IDS}^r\), since \((2/3)^r= \mathsf{negl}(\kappa )\) by the choice of \(r\). Otherwise, the forking algorithm would fail to provide sufficient information about the underlying witness.

  7. This restriction is made for ease of exposition in the reduction. Otherwise, multiple key-generation queries for the same identity can be allowed: one keeps a counter for each queried identity and can even let \(\mathcal {A}_2\) specify, via the counter, which secret key for that identity is used to answer its signature queries.
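Notes 3 and 6 refer to the knowledge error \(2/3\) of the 3-pass IDS of Sakumoto et al. [SSH11b] and to its \(r\)-fold parallel repetition \(\mathsf{IDS}^r\). The following Python is an added toy implementation of that 3-pass IDS (the public map is a random MQ system, so this is the plain MQ instance, not the UOV case of Note 1); it is not code from the paper. It runs the honest protocol, shows how a prover without the secret can prepare commitments that pass two of the three challenges (hence knowledge error \(2/3\) per round and \((2/3)^r\) over \(r\) parallel rounds), and recovers the witness from accepting transcripts for all three challenges. The field size, dimensions, seeded randomness and the SHA-256-based commitment are assumptions chosen for readability; the scheme itself assumes a statistically hiding, computationally binding commitment and far larger parameters.

```python
"""Toy 3-pass MQ identification scheme in the style of Sakumoto, Shirai and Hiwatari (CRYPTO 2011).
Added illustration, not the paper's code; the parameters are far too small for real use."""
import hashlib
import random

Q, N, M = 31, 6, 6   # assumed toy parameters: prime field F_Q, N variables, M equations

def rand_vec(rng, n): return [rng.randrange(Q) for _ in range(n)]
def vadd(a, b): return [(x + y) % Q for x, y in zip(a, b)]
def vsub(a, b): return [(x - y) % Q for x, y in zip(a, b)]
def fresh_nonces(rng): return [rng.getrandbits(128).to_bytes(16, "big") for _ in range(3)]

def random_mq_system(rng):
    """M random quadratics in N variables, no constant term (so the polar form is bilinear)."""
    quad = [[[rng.randrange(Q) for _ in range(N)] for _ in range(N)] for _ in range(M)]
    lin = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    return quad, lin

def eval_mq(mq, x):
    """F(x): quad[k][i][j] is the coefficient of x_i*x_j and lin[k][i] that of x_i in F_k."""
    quad, lin = mq
    return [(sum(lin[k][i] * x[i] for i in range(N))
             + sum(quad[k][i][j] * x[i] * x[j] for i in range(N) for j in range(N))) % Q
            for k in range(M)]

def polar(mq, x, y):
    """Polar form G(x, y) = F(x + y) - F(x) - F(y); bilinear because F has no constant term."""
    return vsub(vsub(eval_mq(mq, vadd(x, y)), eval_mq(mq, x)), eval_mq(mq, y))

def commit(nonce, *parts):
    """Com(parts; nonce) = SHA-256(nonce || parts), a toy stand-in for the statistically hiding,
    computationally binding commitment the scheme assumes.  Parts have fixed lengths; entries < Q."""
    h = hashlib.sha256(nonce)
    for p in parts:
        h.update(bytes(p))
    return h.digest()

def honest_prover(mq, s, rng):
    """Round 1 with secret s, F(s) = v: split s = r0 + r1, r0 = t0 + t1, F(r0) = e0 + e1."""
    r0, t0, e0 = rand_vec(rng, N), rand_vec(rng, N), rand_vec(rng, M)
    r1, t1, e1 = vsub(s, r0), vsub(r0, t0), vsub(eval_mq(mq, r0), e0)
    nc = fresh_nonces(rng)
    coms = (commit(nc[0], r1, vadd(polar(mq, t0, r1), e0)),
            commit(nc[1], t0, e0), commit(nc[2], t1, e1))
    return coms, dict(r0=r0, r1=r1, t0=t0, t1=t1, e0=e0, e1=e1, nc=nc)

def cheating_prover(mq, v, rng):
    """Round 1 without the secret: r1, t0, t1, e0 are free and e1 is chosen so that challenges 1
    and 2 verify.  Challenge 0 needs F(t0 + t1) = e0 + e1, i.e. F(r1 + t0 + t1) = v, a preimage
    of v, so it fails with overwhelming probability.  Any other pair can be targeted the same way."""
    r1, t0, t1, e0 = rand_vec(rng, N), rand_vec(rng, N), rand_vec(rng, N), rand_vec(rng, M)
    e1 = vsub(vsub(vsub(vsub(v, eval_mq(mq, r1)), polar(mq, t1, r1)), polar(mq, t0, r1)), e0)
    nc = fresh_nonces(rng)
    coms = (commit(nc[0], r1, vadd(polar(mq, t0, r1), e0)),
            commit(nc[1], t0, e0), commit(nc[2], t1, e1))
    return coms, dict(r0=vadd(t0, t1), r1=r1, t0=t0, t1=t1, e0=e0, e1=e1, nc=nc)

def respond(st, ch):
    """Round 3: open the two commitments selected by the challenge ch in {0, 1, 2}."""
    if ch == 0:
        return st["r0"], st["t1"], st["e1"], st["nc"][1], st["nc"][2]
    if ch == 1:
        return st["r1"], st["t1"], st["e1"], st["nc"][0], st["nc"][2]
    return st["r1"], st["t0"], st["e0"], st["nc"][0], st["nc"][1]

def verify(mq, v, coms, ch, rsp):
    c0, c1, c2 = coms
    a, b, c, na, nb = rsp
    if ch == 0:  # a=r0, b=t1, c=e1: c1 = Com(r0 - t1, F(r0) - e1), c2 = Com(t1, e1)
        return c1 == commit(na, vsub(a, b), vsub(eval_mq(mq, a), c)) and c2 == commit(nb, b, c)
    if ch == 1:  # a=r1, b=t1, c=e1: c0 = Com(r1, v - F(r1) - G(t1, r1) - e1), c2 = Com(t1, e1)
        x = vsub(vsub(vsub(v, eval_mq(mq, a)), polar(mq, b, a)), c)
        return c0 == commit(na, a, x) and c2 == commit(nb, b, c)
    # ch == 2: a=r1, b=t0, c=e0: c0 = Com(r1, G(t0, r1) + e0), c1 = Com(t0, e0)
    return c0 == commit(na, a, vadd(polar(mq, b, a), c)) and c1 == commit(nb, b, c)

def extract(rsp0, rsp_other):
    """3-special soundness: accepting transcripts for all three challenges on the same commitments
    give s = r0 + r1 (r0 from challenge 0, r1 from challenge 1 or 2); two alone never suffice."""
    return vadd(rsp0[0], rsp_other[0])

def parallel_run(mq, v, prover, rounds, rng):
    """IDS^r: r parallel repetitions; a prover without the secret passes with probability (2/3)^r."""
    ok = True
    for _ in range(rounds):
        coms, st = prover(rng)
        ch = rng.randrange(3)
        ok = ok and verify(mq, v, coms, ch, respond(st, ch))
    return ok

def demo(seed=1):
    """Honest run, cheating run and extraction with a seeded RNG; returns the individual checks."""
    rng = random.Random(seed)
    mq = random_mq_system(rng)
    s = rand_vec(rng, N)
    v = eval_mq(mq, s)
    coms, st = honest_prover(mq, s, rng)
    ccoms, cst = cheating_prover(mq, v, rng)
    return {"honest": [verify(mq, v, coms, ch, respond(st, ch)) for ch in range(3)],
            "cheater": [verify(mq, v, ccoms, ch, respond(cst, ch)) for ch in range(3)],
            "extracted_ok": extract(respond(st, 0), respond(st, 2)) == s,
            "parallel_honest": parallel_run(mq, v, lambda r: honest_prover(mq, s, r), 20, rng)}
```

`demo()` returns `{"honest": [True, True, True], "cheater": [False, True, True], "extracted_ok": True, "parallel_honest": True}`: the honest prover passes every challenge, the cheater passes exactly the two it prepared for, and the witness is recovered once responses to challenge 0 and to challenge 1 or 2 are available on the same commitments. The per-round soundness error is therefore 2/3, which is why the number of parallel rounds \(r\) must be chosen so that \((2/3)^r\) is negligible, as Note 6 states.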

References

  1. Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: 13th ACM Conference on Computer and Communications Security (CCS 2006), pp. 390–399. ACM, New York (2006)

  2. Bellare, M., Namprempre, C., Neven, G.: Security proofs for identity-based identification and signature schemes. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 268–286. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_17

  3. Bellare, M., Namprempre, C., Neven, G.: Security proofs for identity-based identification and signature schemes. J. Cryptol. 22(1), 1–61 (2009). https://doi.org/10.1007/s00145-008-9028-8

  4. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: 1st ACM Conference on Computer and Communications Security (CCS 1993), pp. 62–73. ACM, New York (1993)

  5. Cha, J.C., Cheon, J.H.: An identity-based signature from gap Diffie-Hellman groups. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 18–30. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36288-6_2

  6. Chen, M.-S., Hülsing, A., Rijneveld, J., Samardjiska, S., Schwabe, P.: From 5-pass \(\mathcal{MQ}\)-based identification to \(\mathcal{MQ}\)-based signatures. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 135–165. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_5

  7. Chen, J., Ling, J., Ning, J., Ding, J.: Identity-based signature schemes for multivariate public key cryptosystems. Comput. J. 62(8), 1132–1147 (2019)

  8. Coron, J.-S.: On the exact security of full domain hash. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 229–235. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44598-6_14

  9. Ding, J., Schmidt, D.: Rainbow, a new multivariable polynomial signature scheme. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 164–175. Springer, Heidelberg (2005). https://doi.org/10.1007/11496137_12

  10. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12

  11. Hess, F.: Efficient identity based signature schemes based on pairings. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 310–324. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36492-7_20

  12. Hauck, E., Kiltz, E., Loss, J.: A modular treatment of blind signatures from identification schemes. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 345–375. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_12

  13. Jensen, J.L.W.V.: Sur les fonctions convexes et les inégalités entre les valeurs moyennes. Acta Math. 30, 175–193 (1906). https://doi.org/10.1007/BF02418571

  14. Kurkowski, S., Camp, T., Colagrosso, M.: MANET simulation studies: the incredibles. ACM SIGMOBILE Mobile Comput. Commun. Rev. 9(4), 50–61 (2005)

  15. Kipnis, A., Patarin, J., Goubin, L.: Unbalanced oil and vinegar signature schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206–222. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_15

  16. Kales, D., Zaverucha, G.: An attack on some signature schemes constructed from five-pass identification schemes. In: Krenn, S., Shulman, H., Vaudenay, S. (eds.) CANS 2020. LNCS, vol. 12579, pp. 3–22. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-65411-5_1

  17. Van Luyen, L.: An improved identity-based multivariate signature scheme based on Rainbow. Cryptography 3(1), 8 (2019)

  18. National Institute of Standards and Technology: Post-quantum cryptography project, round 2 submissions (2019). https://csrc.nist.gov/Projects/post-quantum-cryptography/round-2-submissions. Accessed 04 Sept 2021

  19. National Institute of Standards and Technology: Post-quantum cryptography project, status report on the second round and third-round candidates, NISTIR 8309 (2020). https://csrc.nist.gov/publications/detail/nistir/8309/final. Accessed 04 Sept 2021

  20. Paterson, K.G.: ID-based signatures from pairings on elliptic curves. Electron. Lett. 38(18), 1025–1026 (2002)

  21. Petzoldt, A., Bulygin, S., Buchmann, J.: A multivariate based threshold ring signature scheme. Appl. Algebra Eng. Commun. Comput. 24(3–4), 255–275 (2013). https://doi.org/10.1007/s00200-013-0190-3

  22. Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_33

  23. Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_22

  24. Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-39568-7_5

  25. Sakumoto, K., Shirai, T., Hiwatari, H.: On provable security of UOV and HFE signature schemes against chosen-message attack. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 68–82. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25405-5_5

  26. Sakumoto, K., Shirai, T., Hiwatari, H.: Public-key identification schemes based on multivariate quadratic polynomials. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 706–723. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_40

  27. Shen, W., Tang, S., Xu, L.: IBUOV, a provably secure identity-based UOV signature scheme. In: IEEE 16th International Conference on Computational Science and Engineering (CSE 2013), pp. 388–395. IEEE (2013)


Acknowledgement

We would like to thank Dr. Subhabrata Samajder and the anonymous reviewers of Indocrypt 2021 for their comments and suggestions that helped us in polishing the technical and editorial content of this paper. This work is supported by the Ministry of Electronics and Information Technology, Government of India through its grants for the Center for Excellence in Quantum Technology at IISc, Bangalore.

Author information

Corresponding author: Tapas Pandit.


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Chatterjee, S., Dimri, A., Pandit, T. (2021). Identity-Based Signature and Extended Forking Algorithm in the Multivariate Quadratic Setting. In: Adhikari, A., Küsters, R., Preneel, B. (eds.) Progress in Cryptology – INDOCRYPT 2021. INDOCRYPT 2021. Lecture Notes in Computer Science, vol. 13143. Springer, Cham. https://doi.org/10.1007/978-3-030-92518-5_18


  • DOI: https://doi.org/10.1007/978-3-030-92518-5_18


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92517-8

  • Online ISBN: 978-3-030-92518-5

