DOI: 10.1145/3576915.3623219
Research article, Open Access

Chipmunk: Better Synchronized Multi-Signatures from Lattices

Published: 21 November 2023

ABSTRACT

Multi-signatures allow for compressing many signatures for the same message that were generated under independent keys into one small aggregated signature. This primitive is particularly useful for proof-of-stake blockchains, like Ethereum, where the same block is signed by many signers, who vouch for the block's validity. Being able to compress all signatures for the same block into a short string significantly reduces the on-chain storage costs, which is an important efficiency metric for blockchains.

In this work, we consider multi-signatures in the synchronized setting, where the signing algorithm takes an additional time parameter as input and it is only required that signatures for the same time step are aggregatable. The synchronized setting is simpler than the general multi-signature setting, but is sufficient for most blockchain related applications, as signers are naturally synchronized by the length of the chain.

We present Chipmunk, a concretely efficient lattice-based multi-signature scheme in the synchronized setting that allows for signing an a-priori bounded number of messages. Chipmunk allows for non-interactive aggregation of signatures and is secure against rogue-key attacks. The construction is plausibly secure against quantum adversaries as our security relies on the assumed hardness of the short integer solution problem.

We significantly improve upon the previously best known construction in this setting by Fleischhacker, Simkin, Zhang (CCS 2022). Our aggregate signature size is 5× smaller and for 112 bits of security our construction allows for compressing 8192 individual signatures into a multi-signature of size less than 200 KB. We provide a full implementation of Chipmunk and provide extensive benchmarks studying our construction's efficiency.
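The abstract fixes the interface of a synchronized multi-signature scheme: keys are generated for an a-priori bounded number of time steps, signing takes the time step as input, each key signs at most once per step, aggregation is non-interactive (the aggregator sees only public keys and signatures), and only signatures on the same message at the same time step aggregate. The following added example, which is not Chipmunk's code and does not model its lattice-based construction, shows that interface and the checks a signer and an aggregator must enforce. The per-step signature is a stand-in (a Lamport one-time signature over SHA-256, one keypair per time step, chosen because it needs only the standard library); it is publicly verifiable and bounded-use like the setting requires, but the "aggregate" here is just the collection of parts, so nothing in this example compresses. The sample block contents and the `demo` function are constructed for illustration.

```python
import hashlib
import os
from dataclasses import dataclass


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def msg_bits(msg: bytes):
    # Sign the 256 bits of the message digest, one secret preimage per bit.
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def ots_keygen():
    # Lamport one-time keypair: 256 pairs of random secrets, public key = their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def ots_sign(sk, msg: bytes):
    return tuple(sk[i][b] for i, b in enumerate(msg_bits(msg)))


def ots_verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(H(sig[i]) == pk[i][b] for i, b in enumerate(msg_bits(msg)))


@dataclass(frozen=True)
class Signature:
    time_step: int
    msg: bytes
    ots: tuple  # one-time signature for this step (stand-in for a lattice signature)


@dataclass(frozen=True)
class MultiSig:
    time_step: int
    msg: bytes
    parts: tuple  # one entry per signer; a real scheme compresses these into one short string


class Signer:
    """Stateful signer with an a-priori bound on the number of time steps."""

    def __init__(self, num_steps: int):
        pairs = [ots_keygen() for _ in range(num_steps)]
        self._sk = [sk for sk, _ in pairs]
        self.pk = [pk for _, pk in pairs]  # public key covers exactly num_steps steps
        self._used = set()  # steps already signed: a one-time key must never be reused

    def sign(self, time_step: int, msg: bytes) -> Signature:
        if not 0 <= time_step < len(self.pk):
            raise ValueError("time step outside the a-priori bound of this key")
        if time_step in self._used:
            raise ValueError("already signed at this time step")
        self._used.add(time_step)
        return Signature(time_step, msg, ots_sign(self._sk[time_step], msg))


def aggregate(pks, sigs) -> MultiSig:
    """Non-interactive aggregation: needs only public keys and signatures."""
    if not sigs or len(pks) != len(sigs):
        raise ValueError("need exactly one public key per signature")
    t, m = sigs[0].time_step, sigs[0].msg
    if any(s.time_step != t or s.msg != m for s in sigs):
        raise ValueError("only signatures on the same message and time step aggregate")
    for pk, s in zip(pks, sigs):
        if t >= len(pk) or not ots_verify(pk[t], m, s.ots):
            raise ValueError("invalid individual signature; refusing to aggregate it")
    return MultiSig(t, m, tuple(s.ots for s in sigs))


def verify(pks, msig: MultiSig) -> bool:
    """Verify an aggregate against the ordered list of contributing public keys."""
    if len(pks) != len(msig.parts) or msig.time_step < 0:
        return False
    if any(msig.time_step >= len(pk) for pk in pks):
        return False
    return all(ots_verify(pk[msig.time_step], msig.msg, part)
               for pk, part in zip(pks, msig.parts))


def demo() -> dict:
    """Constructed walk-through of the rules; returns the outcome of each check."""
    alice, bob = Signer(num_steps=4), Signer(num_steps=4)
    pks = [alice.pk, bob.pk]
    block = b"constructed sample block at height 1"
    msig = aggregate(pks, [alice.sign(1, block), bob.sign(1, block)])

    def rejected(action) -> bool:
        try:
            action()
            return False
        except ValueError:
            return True

    return {
        "valid": verify(pks, msig),
        "tampered": verify(pks, MultiSig(1, block + b"x", msig.parts)),
        "wrong_keys": verify([bob.pk, alice.pk], msig),
        "double_sign": rejected(lambda: alice.sign(1, block)),
        "past_bound": rejected(lambda: bob.sign(4, block)),
        "mixed_steps": rejected(lambda: aggregate(pks, [alice.sign(2, block), bob.sign(3, block)])),
    }


if __name__ == "__main__":
    print(demo())
```

The signer-side state (`_used`, the bound on `num_steps`) is the part that carries over directly to a deployment: in the synchronized setting the time step is the block height, so a signer that signs two different blocks at the same height has reused a one-time component, and a key generated for N steps must be rotated before step N is reached. The aggregator-side rules (same step, same message, every part verified before inclusion) are what make the aggregate meaningful to a verifier who never sees the individual signatures.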

References

  1. Jae Hyun Ahn, Matthew Green, and Susan Hohenberger. 2010. Synchronized aggregate signatures: new definitions, constructions and applications. In ACM CCS 2010: 17th Conference on Computer and Communications Security, Ehab Al-Shaer, Angelos D. Keromytis, and Vitaly Shmatikov (Eds.). ACM Press, Chicago, Illinois, USA, 473--484. https://doi.org/10.1145/1866307.1866360
  2. Miklós Ajtai. 1999. Generating Hard Instances of the Short Basis Problem. In ICALP 99: 26th International Colloquium on Automata, Languages and Programming (Lecture Notes in Computer Science, Vol. 1644), Jirí Wiedermann, Peter van Emde Boas, and Mogens Nielsen (Eds.). Springer, Heidelberg, Germany, Prague, Czech Republic, 1--9. https://doi.org/10.1007/3-540-48523-6_1
  3. Martin R. Albrecht, Rachel Player, and Sam Scott. 2015. On the concrete hardness of Learning with Errors. J. Math. Cryptol., Vol. 9, 3 (2015), 169--203. http://www.degruyter.com/view/j/jmc.2015.9.issue-3/jmc-2015-0016/jmc-2015-0016.xml
  4. Erdem Alkim, Léo Ducas, Thomas Pöppelmann, and Peter Schwabe. 2016. Post-quantum Key Exchange - A New Hope. In USENIX Security 2016: 25th USENIX Security Symposium, Thorsten Holz and Stefan Savage (Eds.). USENIX Association, Austin, TX, USA, 327--343.
  5. Dan Boneh, Craig Gentry, Ben Lynn, and Hovav Shacham. 2003. Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In Advances in Cryptology - EUROCRYPT 2003 (Lecture Notes in Computer Science, Vol. 2656), Eli Biham (Ed.). Springer, Heidelberg, Germany, Warsaw, Poland, 416--432. https://doi.org/10.1007/3-540-39200-9_26
  6. Dan Boneh and Sam Kim. 2020. One-Time and Interactive Aggregate Signatures from Lattices. https://crypto.stanford.edu/~skim13/agg_ots.pdf.
  7. Dan Boneh, Ben Lynn, and Hovav Shacham. 2001. Short Signatures from the Weil Pairing. In Advances in Cryptology - ASIACRYPT 2001 (Lecture Notes in Computer Science, Vol. 2248), Colin Boyd (Ed.). Springer, Heidelberg, Germany, Gold Coast, Australia, 514--532. https://doi.org/10.1007/3-540-45682-1_30
  8. Cecilia Boschini, Akira Takahashi, and Mehdi Tibouchi. 2022. MuSig-L: Lattice-Based Multi-signature with Single-Round Online Phase. In Advances in Cryptology - CRYPTO 2022, Part II (Lecture Notes in Computer Science, Vol. 13508), Yevgeniy Dodis and Thomas Shrimpton (Eds.). Springer, Heidelberg, Germany, Santa Barbara, CA, USA, 276--305. https://doi.org/10.1007/978-3-031-15979-4_10
  9. Ivan Damgård, Claudio Orlandi, Akira Takahashi, and Mehdi Tibouchi. 2021. Two-Round n-out-of-n and Multi-signatures and Trapdoor Commitment from Lattices. In PKC 2021: 24th International Conference on Theory and Practice of Public Key Cryptography, Part I (Lecture Notes in Computer Science, Vol. 12710), Juan Garay (Ed.). Springer, Heidelberg, Germany, Virtual Event, 99--130. https://doi.org/10.1007/978-3-030-75245-3_5
  10. Manu Drijvers, Sergey Gorbunov, Gregory Neven, and Hoeteck Wee. 2020. Pixel: Multi-signatures for Consensus. In USENIX Security 2020: 29th USENIX Security Symposium, Srdjan Capkun and Franziska Roesner (Eds.). USENIX Association, 2093--2110.
  11. Rachid El Bansarkhani and Jan Sturm. 2016. An Efficient Lattice-Based Multisignature Scheme with Applications to Bitcoins. In CANS 16: 15th International Conference on Cryptology and Network Security (Lecture Notes in Computer Science, Vol. 10052), Sara Foresti and Giuseppe Persiano (Eds.). Springer, Heidelberg, Germany, Milan, Italy, 140--155. https://doi.org/10.1007/978-3-319-48965-0_9
  12. Nils Fleischhacker, Gottfried Herold, Mark Simkin, and Zhenfei Zhang. 2023. Chipmunk: Better Synchronized Multi-Signatures from Lattices. Cryptology ePrint Archive. https://eprint.iacr.org/.
  13. Nils Fleischhacker, Mark Simkin, and Zhenfei Zhang. 2022. Squirrel: Efficient Synchronized Multi-Signatures from Lattices. In ACM CCS 2022: 29th Conference on Computer and Communications Security, Heng Yin, Angelos Stavrou, Cas Cremers, and Elaine Shi (Eds.). ACM Press, Los Angeles, CA, USA, 1109--1123. https://doi.org/10.1145/3548606.3560655
  14. Masayuki Fukumitsu and Shingo Hasegawa. 2019. A Tightly-Secure Lattice-Based Multisignature. In 6th ASIA Public-Key Cryptography Workshop. Association for Computing Machinery, Auckland, New Zealand, 3--11. https://doi.org/10.1145/3327958.3329542
  15. Masayuki Fukumitsu and Shingo Hasegawa. 2020. A Lattice-Based Provably Secure Multisignature Scheme in Quantum Random Oracle Model. In ProvSec 2020: 14th International Conference on Provable Security (Lecture Notes in Computer Science, Vol. 12505), Khoa Nguyen, Wenling Wu, Kwok-Yan Lam, and Huaxiong Wang (Eds.). Springer, Heidelberg, Germany, Singapore, 45--64. https://doi.org/10.1007/978-3-030-62576-4_3
  16. Craig Gentry and Zulfikar Ramzan. 2006. Identity-Based Aggregate Signatures. In PKC 2006: 9th International Conference on Theory and Practice of Public Key Cryptography (Lecture Notes in Computer Science, Vol. 3958), Moti Yung, Yevgeniy Dodis, Aggelos Kiayias, and Tal Malkin (Eds.). Springer, Heidelberg, Germany, New York, NY, USA, 257--273. https://doi.org/10.1007/11745853_17
  17. Susan Hohenberger and Brent Waters. 2018. Synchronized Aggregate Signatures from the RSA Assumption. In Advances in Cryptology - EUROCRYPT 2018, Part II (Lecture Notes in Computer Science, Vol. 10821), Jesper Buus Nielsen and Vincent Rijmen (Eds.). Springer, Heidelberg, Germany, Tel Aviv, Israel, 197--229. https://doi.org/10.1007/978-3-319-78375-8_7
  18. Kazuharu Itakura and Katsuhiro Nakamura. 1983. A public-key cryptosystem suitable for digital multisignatures. NEC Research & Development 71 (1983), 1--8.
  19. Meenakshi Kansal and Ratna Dutta. 2020. Round Optimal Secure Multisignature Schemes from Lattice with Public Key Aggregation and Signature Compression. In AFRICACRYPT 20: 12th International Conference on Cryptology in Africa (Lecture Notes in Computer Science, Vol. 12174), Abderrahmane Nitaj and Amr M. Youssef (Eds.). Springer, Heidelberg, Germany, Cairo, Egypt, 281--300. https://doi.org/10.1007/978-3-030-51938-4_14
  20. Zi-Yuan Liu, Yi-Fan Tseng, and Raylin Tso. 2020. Cryptanalysis of a round optimal lattice-based multisignature scheme. Cryptology ePrint Archive, Report 2020/1172. https://eprint.iacr.org/2020/1172.
  21. Vadim Lyubashevsky and Daniele Micciancio. 2008. Asymptotically Efficient Lattice-Based Digital Signatures. In TCC 2008: 5th Theory of Cryptography Conference (Lecture Notes in Computer Science, Vol. 4948), Ran Canetti (Ed.). Springer, Heidelberg, Germany, San Francisco, CA, USA, 37--54. https://doi.org/10.1007/978-3-540-78524-8_3
  22. Changshe Ma and Mei Jiang. 2019. Practical Lattice-Based Multisignature Schemes for Blockchains. IEEE Access, Vol. 7 (2019), 179765--179778. https://doi.org/10.1109/ACCESS.2019.2958816
  23. Colin McDiarmid. 1989. On the Method of Bounded Differences. In Surveys in Combinatorics, 1989: Invited Papers at the Twelfth British Combinatorial Conference (London Mathematical Society Lecture Note Series, Vol. 141), Johannes Siemons (Ed.). Cambridge University Press, Norwich, UK, 148--188. https://doi.org/10.1017/CBO9781107359949.008
  24. Silvio Micali, Kazuo Ohta, and Leonid Reyzin. 2001. Accountable-Subgroup Multisignatures: Extended Abstract. In ACM CCS 2001: 8th Conference on Computer and Communications Security, Michael K. Reiter and Pierangela Samarati (Eds.). ACM Press, Philadelphia, PA, USA, 245--254. https://doi.org/10.1145/501983.502017
  25. Daniele Micciancio. 2007. Generalized Compact Knapsacks, Cyclic Lattices, and Efficient One-Way Functions. computational complexity, Vol. 16, 4 (Dec. 2007), 365--411. https://doi.org/10.1007/s00037-007-0234-9
  26. Chunyan Peng and Xiujuan Du. 2020. New Lattice-Based Digital Multi-signature Scheme. In 6th International Conference of Pioneering Computer Scientists, Engineers and Educators (CCIS, Vol. 1258). Springer, Heidelberg, Germany, Taiyuan, China, 129--137. https://doi.org/10.1007/978-981-15-7984-4_10
  27. Peter W. Shor. 1994. Algorithms for quantum computation: discrete logarithms and factoring. In Proceedings 35th Annual Symposium on Foundations of Computer Science. IEEE, 124--134.

Published in

CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
November 2023, 3722 pages
ISBN: 9798400700507
DOI: 10.1145/3576915

Copyright © 2023 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher: Association for Computing Machinery, New York, NY, United States
