Abstract
Since its introduction in 1984, identity-based signature (IBS) schemes have been studied in different settings. But, there are very few constructions available in the multivariate quadratic polynomials (MQ) setting. The existing IBS schemes in the MQ-setting are either less efficient or do not have any formal security reduction. In this paper, we investigate the problem of constructing an efficient and provably secure IBS scheme in the MQ-setting. Our starting point is the recent IBS scheme of Chen et al. which is very efficient but has some issues related to correctness and lacks a formal justification of security. We propose a modified construction that addresses the limitations of the Chen et al. proposal while retaining its efficiency. For the security reduction, we introduce a new cryptographic parameterized assumption in the MQ-setting. Our modified proposal allows any arbitrary bit string to be an identity and the size of the public parameters does not depend on the size of the universe of identities in contrast to the original proposal. Therefore, our modified scheme works as an unbounded IBS. Finally, we provide some justification towards the intractability of the newly introduced assumption.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Security of our proposal relies on this special case, if the attacker is not given any access to the key extraction oracle.
- 2.
If we write \(\widetilde{\mathcal {T}}_{\boldsymbol{z}}= (A_{\boldsymbol{z}}, \boldsymbol{a}_{\boldsymbol{z}})\), then \(\widetilde{\mathcal {T}}_{\boldsymbol{z}}\) is singular if and only if \(A_{\boldsymbol{z}}\) is singular.
- 3.
Although the authors considered a non-singular randomizer for each user, they, perhaps erroneously also mentioned that KDC will compute the randomizer via ID without detailing how, see [CLND19, pages 4 and 6].
- 4.
The formula in [Lev05] says that the probability of \(\widetilde{\mathcal {T}}_{\boldsymbol{z}}\) being non-singular is roughly \((1-1/q)\), where q is the size of the underlying field \(\mathbb {F}\). The formula needs the entries of \(\widetilde{\mathcal {T}}_{\boldsymbol{z}}\) to be uniformly and independently distributed over \(\mathbb {F}\), which is assumed to be the case in practice. A similar assumption was also considered in [SSH11, Beu21, Beu22]..
- 5.
This can also be viewed from the fact that \(\mathcal {MSK}\) has to contain the randomizer \(R_{\boldsymbol{z}}\) for each user with unique identifier \({\boldsymbol{z}}\).
- 6.
Note that in the construction, \(\textsf{tok}\) is not distributed uniformly, but it can be made negligibly-close to uniform distribution, if q is chosen sufficiently large. Sakumoto et al. [SSH11] also faced a similar issue while simulating salts in their reduction and they implicitly assumed that \(\mathcal {A}\) cannot distinguish the difference. Nonetheless, we assume that \(\mathcal {A}\) cannot distinguish between a uniform token and the token involved in the actual key-extraction.
- 7.
If for an identity \(\textsf{id}\), there are many tokens in \({Q_\textsf{ext}}\) then consider any one of them.
- 8.
One can alternate the choice of the blocks. It is also possible to randomly choose some of the entries of \(B_k\) (not necessarily block-wise) and find the expressions of the remaining entries.
- 9.
More precisely, all \(\textrm{c}_{ij}\)’s will be distributed uniformly and independently over \(\mathbb {F}\), if each entry of \(\widetilde{\mathcal {T}}\) is a random affine map in \({\boldsymbol{z}}\). This is due to the fact that each entry will now have an independently and uniformly chosen constant term.
References
Beullens, W.: Improved cryptanalysis of UOV and rainbow. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12696, pp. 348–373. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77870-5_13
Beullens, W.: Breaking rainbow takes a weekend on a laptop. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022. LNCS, vol. 13508, pp. 464–479. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15979-4_16
Bettale, L., Faugére, J.-C., Perret, L.: Hybrid approach for solving multivariate systems over finite fields. J. Math. Cryptol. 3(3), 177–197 (2009)
Barreto, P.S.L.M., Libert, B., McCullagh, N., Quisquater, J.-J.: Efficient and provably-secure identity-based signatures and signcryption from bilinear maps. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 515–532. Springer, Heidelberg (2005). https://doi.org/10.1007/11593447_28
Choon, J.C., Hee Cheon, J.: An identity-based signature from gap Diffie-Hellman groups. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 18–30. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36288-6_2
Chatterjee, S., Dimri, A., Pandit, T.: Identity-based signature and extended forking algorithm in the multivariate quadratic setting. In: Adhikari, A., Küsters, R., Preneel, B. (eds.) INDOCRYPT 2021. LNCS, vol. 13143, pp. 387–412. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92518-5_18
Chen, M.-S., Hülsing, A., Rijneveld, J., Samardjiska, S., Schwabe, P.: From 5-pass \(\cal{MQ}\)-based identification to \(\cal{MQ}\)-based signatures. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 135–165. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_5
Chen, J., Ling, J., Ning, J., Ding, J.: Identity-based signature schemes for multivariate public key cryptosystems. Comput. J. 62(8), 1132–1147 (2019)
Coron, J.-S.: On the exact security of full domain hash. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 229–235. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44598-6_14
Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)
Ding, J., Schmidt, D.: Rainbow, a new multivariable polynomial signature scheme. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 164–175. Springer, Heidelberg (2005). https://doi.org/10.1007/11496137_12
Ding, J., Yang, B.-Y., Chen, C.-H.O., Chen, M.-S., Cheng, C.-M.: New differential-algebraic attacks and reparametrization of rainbow. In: Bellovin, S.M., Gennaro, R., Keromytis, A., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 242–257. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68914-0_15
Faugére, J.C.: A new efficient algorithm for computing Gröbner bases (F4). J. Pure Appl. Algebra 139(1–3), 61–88 (1999)
Faugére, J.C.: A new efficient algorithm for computing Gröbner bases without reduction to zero (F5). In: Proceedings of the 2002 International Symposium on Symbolic and Algebraic Computation, pp. 75–83. Springer, Cham (2002). https://doi.org/10.1145/780506.780516
Kipnis, A., Patarin, J., Goubin, L.: Unbalanced oil and vinegar signature schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206–222. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_15
Kipnis, A., Shamir, A.: Cryptanalysis of the oil and vinegar signature scheme. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 257–266. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055733
Levitskaya, A.A.: Systems of random equations over finite algebraic structures. Cybernetics and Sys. Anal 41(1), 67–93 (2005)
Van Luyen, L.: An improved identity-based multivariate signature scheme based on rainbow. Cryptography 3(1) (2019)
National Institute of Standards and Technology: Post-quantum crypto project (Second Round Submission) (2019). https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-2-submissions. Accessed 16 Aug 2022
National Institute of Standards and Technology: Post-quantum crypto project (Third Round Submission) (2020). https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions. Accessed 16 Aug 2022
Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-39568-7_5
Sakumoto, K., Shirai, T., Hiwatari, H.: On provable security of UOV and HFE signature schemes against chosen-message attack. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 68–82. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25405-5_5
Shen, W., Tang, S., Xu, L.: IBUOV, a provably secure identity-based UOV signature scheme. In: IEEE 16th International Conference on Computational Science and Engineering, LNCS, pp. 388–395. IEEE (2013)
Acknowledgement
We would like to thank Dr. M. Prem Laxman Das and the anonymous reviewers of Indocrypt 2022 for their comments and suggestions that helped us in polishing the technical and editorial content of this paper. This work is supported by the Ministry of Electronics and Information Technology, Government of India through its grants for the Center of Excellence in Quantum Technology at IISc Bangalore, India.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Chatterjee, S., Pandit, T. (2022). Efficient IBS from a New Assumption in the Multivariate-Quadratic Setting. In: Isobe, T., Sarkar, S. (eds) Progress in Cryptology – INDOCRYPT 2022. INDOCRYPT 2022. Lecture Notes in Computer Science, vol 13774. Springer, Cham. https://doi.org/10.1007/978-3-031-22912-1_30
Download citation
DOI: https://doi.org/10.1007/978-3-031-22912-1_30
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22911-4
Online ISBN: 978-3-031-22912-1
eBook Packages: Computer ScienceComputer Science (R0)