toplogo
로그인
통찰 - Computer Security and Privacy - # Post-Quantum Cryptography

Provably Secure Isogeny-Based Group and Accountable Ring Signatures in the Quantum Random Oracle Model


핵심 개념
This paper introduces the first provably secure group signature and accountable ring signature schemes based on isogenies that achieve security in the quantum random oracle model (QROM), offering a robust post-quantum alternative to lattice-based schemes.
초록
  • Bibliographic Information: Chung, K.-M., Hsieh, Y.-C., Huang, M.-Y., Huang, Y.-H., Lange, T., & Yang, B.-Y. (2024, November 19). Isogeny-based Group Signatures and Accountable Ring Signatures in QROM. arXiv. arXiv:2110.04795v4 [cs.CR]

  • Research Objective: This paper aims to construct the first provably secure group signatures (GS) and accountable ring signatures (ARS) based on isogeny-based assumptions in the quantum random oracle model (QROM).

  • Methodology: The authors introduce an intermediate primitive called the "openable sigma protocol" and demonstrate that any such protocol, when combined with the Fiat-Shamir transformation, yields secure GS and ARS schemes. They then construct a specific openable sigma protocol based on the decisional CSIDH assumption (D-CSIDH) and prove its security in the QROM, leveraging techniques like measure-and-reprogram and adaptive reprogramming.

  • Key Findings: The authors successfully construct the first provably QROM-secure ARS scheme from isogeny-based assumptions. They also achieve the first provably QROM-secure group signature and ring signature schemes, as ARS can be easily transformed into these primitives while preserving QROM security.

  • Main Conclusions: This work demonstrates the feasibility of constructing advanced cryptographic primitives like GS and ARS with group-action-based assumptions, even with their limited expressiveness compared to group-based assumptions. The proposed isogeny-based schemes offer a viable post-quantum alternative to existing lattice-based solutions, enhancing the resilience of cryptographic systems against quantum threats.

  • Significance: This research significantly advances the field of post-quantum cryptography by providing new constructions for essential cryptographic primitives based on the promising area of isogeny-based cryptography. It addresses the limitations of previous isogeny-based GS and ARS schemes that were only secure in the classical random oracle model (CROM) and were potentially vulnerable to quantum attacks.

  • Limitations and Future Research: The paper acknowledges the larger payload size of the proposed schemes as a trade-off for achieving QROM security. Future research could explore more efficient constructions or investigate the applicability of these techniques to other cryptographic primitives.

edit_icon

요약 맞춤 설정

edit_icon

AI로 다시 쓰기

edit_icon

인용 생성

translate_icon

소스 번역

visual_icon

마인드맵 생성

visit_icon

소스 방문

통계
인용구
"Our constructions are not only immune to the FSwA flaw but also provide stronger QROM security. As current QROM-secure ARS and GS schemes are mostly lattice-based, we offer a robust post-quantum alternative should lattice assumptions weaken."

더 깊은 질문

How does the efficiency of these new isogeny-based schemes compare to existing lattice-based GS and ARS schemes in the QROM, and how can the efficiency be further improved?

While this paper introduces the first isogeny-based group signatures (GS) and accountable ring signatures (ARS) with provable QROM security, a thorough efficiency comparison with existing lattice-based schemes isn't directly provided. However, we can infer some insights: Potential Advantages of Isogeny-based Schemes: Shorter Signature Sizes: Isogeny-based cryptography generally boasts shorter signature and key sizes compared to lattice-based schemes. This advantage might carry over to GS and ARS constructions, potentially leading to more compact signatures. Different Security Assumptions: Isogeny-based cryptography relies on different hardness assumptions than lattice-based cryptography. This diversity is crucial in a post-quantum world, as a breakthrough in one area wouldn't necessarily jeopardize the security of the other. Potential Disadvantages of Isogeny-based Schemes: Computational Overhead: Isogeny computations, particularly those involving large prime fields, can be computationally more demanding than operations in lattice-based schemes. This could lead to slower signing and verification times for isogeny-based GS and ARS. Limited Expressiveness: The lack of homomorphic properties in isogeny-based assumptions, as highlighted in the paper, can make certain cryptographic constructions more challenging. This limitation might hinder the development of more advanced or feature-rich GS and ARS schemes based on isogenies. Efficiency Improvements: Optimized Isogeny Computations: Research into faster algorithms for computing isogenies, particularly in the context of CSIDH, could directly translate to efficiency gains in isogeny-based GS and ARS. Tailored Sigma Protocol Design: Exploring alternative openable sigma protocol constructions with fewer rounds or smaller communication complexity could lead to more efficient isogeny-based schemes. Hybrid Approaches: Combining isogeny-based and lattice-based techniques might offer a balance between security, efficiency, and functionality. For instance, using lattices for certain components of the scheme while leveraging isogenies for their compact signature properties could be explored. Further Research: A concrete efficiency comparison involving implementation and benchmarking of both isogeny-based and lattice-based GS and ARS schemes in the QROM is crucial for a definitive assessment. This would provide valuable insights for future research directions and practical deployment considerations.

Could the openable sigma protocol framework be adapted to construct other post-quantum cryptographic primitives beyond group signatures and accountable ring signatures?

Yes, the openable sigma protocol framework introduced in this paper holds promise for constructing other post-quantum cryptographic primitives beyond GS and ARS. Its core features, particularly the ability to embed and extract specific information using a master secret key, open up possibilities for various applications: Identity-Based Encryption (IBE): The openable sigma protocol could potentially be adapted to construct IBE schemes. The master secret key could be used to extract the identity of the intended recipient from a ciphertext, ensuring secure decryption only by the authorized party. Attribute-Based Encryption (ABE): Similar to IBE, the framework could be extended to ABE, where the master secret key could be used to extract specific attributes embedded in a ciphertext, enabling fine-grained access control based on user attributes. Electronic Cash: The openable sigma protocol's ability to embed and reveal identities could be leveraged in electronic cash systems. The bank could act as the master, embedding user identities in digital coins, and selectively revealing them in case of double-spending attempts. Verifiable Credentials: The framework could be adapted to construct verifiable credential schemes, where issuers could embed specific attributes or claims within credentials, and verifiers could selectively reveal them using the master secret key, ensuring privacy while enabling trust and accountability. Challenges and Considerations: Adapting the openable sigma protocol framework to these primitives would require careful consideration of their specific security and functionality requirements. For instance, achieving collusion resistance in ABE or preventing double-spending in electronic cash would necessitate additional mechanisms and security proofs. Further Exploration: Investigating the applicability of the openable sigma protocol framework to other post-quantum cryptographic primitives is a promising research direction. This could lead to the development of novel and practical schemes with enhanced security and functionality in a post-quantum world.

What are the potential implications of a breakthrough in quantum algorithms that could potentially weaken the security of isogeny-based cryptography, and what alternative post-quantum cryptographic approaches could be explored in such a scenario?

A breakthrough in quantum algorithms that weakens or breaks the security of isogeny-based cryptography would have significant implications for the field of post-quantum cryptography: Potential Implications: Compromised Security: Current isogeny-based cryptographic schemes, including those for key exchange, digital signatures, and the GS and ARS presented in this paper, could become vulnerable to attacks by quantum adversaries. Loss of Trust: The perceived security of systems relying on isogeny-based cryptography would be diminished, potentially leading to a loss of trust in these systems. Need for Transition: A rapid transition to alternative post-quantum cryptographic approaches would become necessary to maintain the security and integrity of sensitive data and communications. Alternative Post-Quantum Cryptographic Approaches: In the event of a breakthrough in quantum algorithms affecting isogeny-based cryptography, several alternative post-quantum cryptographic approaches could be explored: Lattice-based Cryptography: This approach relies on the hardness of lattice problems, such as Learning With Errors (LWE) and Shortest Vector Problem (SVP), which are believed to be resistant to quantum attacks. Lattice-based cryptography offers a wide range of primitives, including encryption, signatures, and fully homomorphic encryption. Code-based Cryptography: This approach relies on the hardness of decoding random linear codes, a problem considered to be difficult even for quantum computers. Code-based cryptography is known for its efficient encryption schemes, such as McEliece and Niederreiter cryptosystems. Multivariate Cryptography: This approach relies on the hardness of solving systems of multivariate polynomial equations over finite fields. Multivariate cryptography offers potential for efficient signature schemes, such as Rainbow and Unbalanced Oil and Vinegar (UOV). Hash-based Cryptography: This approach relies on the security of cryptographic hash functions, which are generally considered to be quantum-resistant. Hash-based cryptography is known for its simple and efficient signature schemes, such as Lamport signatures and Merkle signature schemes. Mitigation Strategies: Cryptographic Agility: Designing and deploying cryptographic systems with the flexibility to switch between different cryptographic algorithms and implementations would be crucial for adapting to potential breakthroughs. Hybrid Approaches: Combining different post-quantum cryptographic approaches could offer increased security and resilience against attacks. Ongoing Research: Continued research into new post-quantum cryptographic approaches and the development of more efficient and secure implementations is essential for staying ahead of potential threats. Conclusion: While a breakthrough in quantum algorithms affecting isogeny-based cryptography would pose challenges, the field of post-quantum cryptography offers several promising alternative approaches. By embracing cryptographic agility, fostering ongoing research, and exploring hybrid approaches, we can mitigate potential risks and ensure the long-term security of our digital world.
0
star