Abstract
In this paper, we propose a practical signature scheme based on the alternating trilinear form equivalence problem. Our scheme is inspired by the Goldreich-Micali-Wigderson zero-knowledge protocol for graph isomorphism, and can serve as an alternative candidate for NIST's post-quantum digital signatures.
First, we present theoretical evidence to support its security, especially in the post-quantum context. The evidence is drawn from several research lines, including hidden subgroup problems, multivariate cryptography, cryptography based on group actions, the quantum random oracle model, and recent advances in algorithms and complexity for isomorphism problems of algebraic structures.
Second, we demonstrate its potential for practical uses. Based on algorithm studies, we propose concrete parameter choices, and then implement a prototype. One concrete scheme achieves 128 bit security with public key size \(\approx 4100\) bytes, signature size \(\approx 6800\) bytes, and running times (key generation, sign, verify) \(\approx 0.8\) ms on a common laptop computer.
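The GMW-style construction the abstract refers to, written out as an added toy illustration (this is not the paper's code, parameters or optimisations). A public key is a pair of alternating trilinear forms \(\varphi_1, \varphi_2 = \varphi_1 \circ A\) over \(\mathbb{F}_p^n\), the secret is \(A \in \mathrm{GL}_n(\mathbb{F}_p)\), and each round the prover commits to \(\psi = \varphi_1 \circ B\) for a random \(B\) and opens it either as \(\varphi_1 \circ B\) (challenge 0) or as \(\varphi_2 \circ (A^{-1}B)\) (challenge 1), exactly as GMW does for graph isomorphism. Fiat-Shamir turns the challenges into hash bits. Everything concrete below is an assumption chosen for readability: the field \(p = 7\), the dimension \(n = 5\), 16 binary rounds, SHAKE256 as the hash, the right-action convention \((\varphi \circ A)(u,v,w) = \varphi(Au,Av,Aw)\), and the choice to transmit only responses and let the verifier recompute the commitments.

```python
"""Toy GMW-style sigma protocol for alternating trilinear form equivalence (ATFE), made
non-interactive with Fiat-Shamir.  Added illustration, not the paper's code: P, N and
ROUNDS are toy values (assumptions) far below secure sizes, and none of the paper's
concrete parameter choices or optimisations are reproduced."""
import hashlib
import random
from itertools import combinations

P = 7        # toy prime field F_p
N = 5        # toy dimension of V = F_p^N
ROUNDS = 16  # binary challenges, so a forger guesses right with probability 2^-ROUNDS (toy)

def act(form, A):
    """Right action (form o A)(u,v,w) = form(Au, Av, Aw) on coefficient dicts {(i<j<k): c}."""
    T = [[[0] * N for _ in range(N)] for _ in range(N)]  # fully antisymmetric tensor of form
    for (i, j, k), c in form.items():
        for a, b, d in ((i, j, k), (j, k, i), (k, i, j)):  # even permutations get +c,
            T[a][b][d], T[a][d][b] = c % P, (-c) % P         # odd permutations get -c
    return {(i, j, k): sum(A[a][i] * A[b][j] * A[c][k] * T[a][b][c]  # A e_i is column i
                           for a in range(N) for b in range(N) for c in range(N)) % P
            for i, j, k in combinations(range(N), 3)}

def mat_mul(A, B):
    return [[sum(A[i][k] * B[k][j] for k in range(N)) % P for j in range(N)] for i in range(N)]

def mat_inv(A):
    """Gauss-Jordan inverse over F_P; returns None if A is singular."""
    M = [row[:] + [int(i == j) for j in range(N)] for i, row in enumerate(A)]
    for col in range(N):
        piv = next((r for r in range(col, N) if M[r][col]), None)
        if piv is None:
            return None
        M[col], M[piv] = M[piv], M[col]
        inv = pow(M[col][col], -1, P)
        M[col] = [(x * inv) % P for x in M[col]]
        for r in range(N):
            if r != col and M[r][col]:
                f = M[r][col]
                M[r] = [(x - f * y) % P for x, y in zip(M[r], M[col])]
    return [row[N:] for row in M]

def random_gl(rng):
    """Random invertible matrix over F_P by rejection sampling."""
    while True:
        A = [[rng.randrange(P) for _ in range(N)] for _ in range(N)]
        if mat_inv(A) is not None:
            return A

def random_form(rng):
    return {t: rng.randrange(P) for t in combinations(range(N), 3)}

def bits_from_digest(digest):
    return [(digest[r // 8] >> (r % 8)) & 1 for r in range(ROUNDS)]  # needs ROUNDS <= 256

def challenge(pk, msg, commitments):
    """Fiat-Shamir: full SHAKE256 digest of (pk, commitments, msg); challenge bits come from it."""
    h = hashlib.shake_256()
    for f in (*pk, *commitments):
        h.update(bytes(f[t] for t in sorted(f)))  # one byte per coefficient since P < 256
    h.update(msg)
    return h.digest(32)

def keygen(rng):
    phi1, A = random_form(rng), random_gl(rng)
    return (phi1, act(phi1, A)), A  # pk = (phi1, phi2 = phi1 o A), sk = A

def sign(pk, sk, msg, rng):
    A_inv = mat_inv(sk)
    Bs = [random_gl(rng) for _ in range(ROUNDS)]
    digest = challenge(pk, msg, [act(pk[0], B) for B in Bs])  # commitments psi = phi1 o B
    # bit 0: open psi as phi1 o B;  bit 1: open psi as phi2 o (A^-1 B), which also equals phi1 o B
    resp = [B if bit == 0 else mat_mul(A_inv, B) for B, bit in zip(Bs, bits_from_digest(digest))]
    return digest, resp

def verify(pk, msg, sig):
    digest, resp = sig
    if len(digest) != 32 or len(resp) != ROUNDS or any(mat_inv(R) is None for R in resp):
        return False
    psis = [act(pk[bit], R) for bit, R in zip(bits_from_digest(digest), resp)]
    return challenge(pk, msg, psis) == digest  # commitments are recomputed, never transmitted

def self_check(seed=3):
    """The identity the bit-1 response relies on: (f o A) o B == f o (AB)."""
    rng = random.Random(seed)
    A, B, f = random_gl(rng), random_gl(rng), random_form(rng)
    return act(act(f, A), B) == act(f, mat_mul(A, B))

def demo(seed=1):
    """Returns (honest signature verifies?, tampered message rejected?, wrong key rejected?)."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    msg = b"constructed sample message"  # constructed input
    sig = sign(pk, sk, msg, rng)
    other_pk, _ = keygen(rng)
    return verify(pk, msg, sig), not verify(pk, b"tampered", sig), not verify(other_pk, msg, sig)
```

Two points the toy makes visible. Soundness per round is only 1/2: anyone can produce a commitment they can open on one side (as \(\varphi_1 \circ B\) or as \(\varphi_2 \circ C\)), so a forger who re-hashes until the challenge bits match their prepared openings succeeds after about \(2^{\mathrm{ROUNDS}}\) tries, which is why the round count (or a larger challenge space) has to be tied to the target security level rather than to the hash length. And the signature carries the challenge digest plus one matrix per round while the commitments are recomputed by the verifier, which is where the signature-size figure quoted in the abstract comes from in schemes of this shape.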
Notes
- 1.
In [4] this is called weak pseudorandom group actions.
- 2.
In [46] an algorithm in such time was presented for CFI, but its algorithmic idea can be readily applied to ATFE.
- 3.
Processor: 2.6 GHz 18-core Intel(R) Xeon(R) Gold 6132; Memory 87 GB.
- 4.
We would like to thank Charles Bouillaguet for his help with understanding these methods here.
References
Agrawal, M., Saxena, N.: Automorphisms of finite rings and applications to complexity of problems. In: Diekert, V., Durand, B. (eds.) STACS 2005. LNCS, vol. 3404, pp. 1–17. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-31856-9_1
Agrawal, M., Saxena, N.: Equivalence of f-algebras and cubic forms. In: Durand, B., Thomas, W. (eds.) STACS 2006. LNCS, vol. 3884, pp. 115–126. Springer, Heidelberg (2006). https://doi.org/10.1007/11672142_8
Alagic, G., et al.: Status report on the second round of the NIST post-quantum cryptography standardization process. Technical report, National Institute of Standards and Technology (2020)
Alamati, N., De Feo, L., Montgomery, H., Patranabis, S.: Cryptographic group actions and applications. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 411–439. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64834-3_14
Atkinson, M.D.: Alternating trilinear forms and groups of exponent 6. J. Aust. Math. Soc. 16(1), 111–128 (1973)
Babai, L.: Graph isomorphism in quasipolynomial time [extended abstract]. In: STOC 2016, pp. 684–697 (2016)
Bai, S., et al.: CRYSTALS-Dilithium: algorithm specifications and supporting documentation (version 3.1) (2021). https://pq-crystals.org/dilithium/data/dilithium-specification-round3-20210208.pdf
Bardet, M.: Étude des systèmes algébriques surdéterminés. Applications aux codes correcteurs et à la cryptographie. PhD thesis, Université Pierre et Marie Curie-Paris VI (2004)
Bardet, M., Faugère, J.C., Salvy, B., Yang, B.Y.: Asymptotic behaviour of the degree of regularity of semi-regular polynomial systems. In: Proceedings of the MEGA, vol. 5 (2005)
Berthomieu, J., Faugère, J.-C., Perret, L.: Polynomial-time algorithms for quadratic isomorphism of polynomials: the regular case. J. Complex. 31(4), 590–616 (2015)
Beullens, W., Kleinjung, T., Vercauteren, F.: CSI-FiSh: efficient isogeny based signatures through class group computations. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11921, pp. 227–247. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34578-5_9
Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: CCS 2006, pp. 390–399 (2006)
Bonnetain, X., Schrottenloher, A.: Quantum security analysis of CSIDH. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 493–522. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_17
Bouillaguet, C.: Études d'hypothèses algorithmiques et attaques de primitives cryptographiques. PhD thesis, Université Paris-Diderot-École Normale Supérieure (2011)
Bouillaguet, C., Faugère, J.-C., Fouque, P.-A., Perret, L.: Practical cryptanalysis of the identification scheme based on the isomorphism of polynomial with one secret problem. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 473–493. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19379-8_29
Bouillaguet, C., Fouque, P.-A., Véber, A.: Graph-theoretic algorithms for the “isomorphism of polynomials’’ problem. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 211–227. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_13
Brassard, G., Yung, M.: One-way group actions. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 94–107. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-38424-3_7
Brooksbank, P.A., Li, Y., Qiao, Y., Wilson, J.B.: Improved algorithms for alternating matrix space isometry: from theory to practice. In: 28th ESA 2020, pp. 26:1–26:15 (2020)
Brooksbank, P.A., Maglione, J., Wilson, J.B.: A fast isomorphism test for groups whose Lie algebra has genus 2. J. Algebra 473, 545–590 (2017)
Buss, J.F., Frandsen, G.S., Shallit, J.O.: The computational complexity of some problems of linear algebra. J. Comput. Syst. Sci. 58(3), 572–596 (1999)
Courtois, N., Klimov, A., Patarin, J., Shamir, A.: Efficient algorithms for solving overdefined systems of multivariate polynomial equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_27
Castryck, W., Lange, T., Martindale, C., Panny, L., Renes, J.: CSIDH: an efficient post-quantum commutative group action. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 395–427. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03332-3_15
Childs, A., Jao, D., Soukharev, V.: Constructing elliptic curve isogenies in quantum subexponential time. J. Math. Cryptol. 8(1), 1–29 (2014)
Cohen, A.M., Helminck, A.G.: Trilinear alternating forms on a vector space of dimension 7. Commun. Algebra 16(1), 1–25 (1988)
Couveignes, J.M.: Hard homogeneous spaces. IACR Cryptology ePrint Archive (2006)
Crandall, R.E.: Method and apparatus for public key exchange in a cryptographic system. U.S. Patent number 5159632 (1992)
De Feo, L., Kohel, D., Leroux, A., Petit, C., Wesolowski, B.: SQISign: compact post-quantum signatures from quaternions and isogenies. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12491, pp. 64–93. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64837-4_3
Ding, J., Schmidt, D.: Rainbow, a new multivariable polynomial signature scheme. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 164–175. Springer, Heidelberg (2005). https://doi.org/10.1007/11496137_12
Don, J., Fehr, S., Majenz, C., Schaffner, C.: Security of the Fiat-Shamir transformation in the quantum random-oracle model. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 356–383. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_13
Draisma, J., Shaw, R.: Some noteworthy alternating trilinear forms. J. Geom. 105(1), 167–176 (2013). https://doi.org/10.1007/s00022-013-0202-2
El Kaafarani, A., Katsumata, S., Pintore, F.: Lossy CSI-FiSh: efficient signature scheme with tight reduction to decisional CSIDH-512. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020. LNCS, vol. 12111, pp. 157–186. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45388-6_6
Erdős, P., Rényi, A.: Asymmetric graphs. Acta Math. Hung. 14(3–4), 295–315 (1963)
Faugère, J.-C.: A new efficient algorithm for computing Gröbner bases without reduction to zero (F5). In: Proceedings of the 2002 International Symposium on Symbolic and Algebraic Computation, pp. 75–83 (2002)
Faugère, J.-C., Safey El Din, M., Spaenlehauer, P.-J.: Computing loci of rank defects of linear matrices using Gröbner bases and applications to cryptology. In: ISSAC 2010, pp. 257–264 (2010)
Faugère, J.-C., Safey El Din, M., Spaenlehauer, P.-J.: On the complexity of the generalized MinRank problem. J. Symb. Comput. 55, 30–58 (2013)
Faugère, J.-C., Levy-dit-Vehel, F., Perret, L.: Cryptanalysis of MinRank. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 280–296. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_16
Faugère, J.-C., Perret, L.: Polynomial equivalence problems: algorithmic and theoretical aspects. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 30–47. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_3
De Feo, L., Galbraith, S.D.: SeaSign: compact isogeny signatures from class group actions. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 759–789. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_26
Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12
Fouque, P.-A., et al.: Falcon: Fast-Fourier lattice-based compact signatures over NTRU (specification v1.2) (2020). https://falcon-sign.info/falcon.pdf
Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity for all languages in NP have zero-knowledge proof systems. J. ACM 38(3), 691–729 (1991)
Goubin, L., Courtois, N.T.: Cryptanalysis of the TTM cryptosystem. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 44–57. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_4
Grigni, M., Schulman, L.J., Vazirani, M., Vazirani, U.V.: Quantum mechanical algorithms for the nonabelian hidden subgroup problem. Comb. 24(1), 137–154 (2004)
Grochow, J.A., Qiao, Y.: On the complexity of isomorphism problems for tensors, groups, and polynomials I: tensor isomorphism-completeness. In: ITCS 2021, pp. 31:1–31:19 (2021)
Grochow, J.A., Qiao, Y.: On p-group isomorphism: search-to-decision, counting-to-decision, and nilpotency class reductions via tensors. In: CCC 2021, pp. 16:1–16:38 (2021)
Grochow, J.A., Qiao, Y., Tang, G.: Average-case algorithms for testing isomorphism of polynomials, algebras, and multilinear forms. In: STACS 2021, pp. 38:1–38:17 (2021)
Grover, L.K.: A fast quantum mechanical algorithm for database search. In Proceedings of the Twenty-eighth Annual ACM Symposium on Theory of Computing, pp. 212–219 (1996)
Hallgren, S., Moore, C., Rötteler, M., Russell, A., Sen, P.: Limitations of quantum coset states for graph isomorphism. J. ACM 57(6):34:1–34:33 (2010)
Håstad, J.: Tensor rank is NP-complete. J. Algorithms 11(4), 644–654 (1990)
Hora, J., Pudlák, P.: Classification of 8-dimensional trilinear alternating forms over GF(2). Commun. Algebra 43(8), 3459–3471 (2015)
Ivanyos, G., Qiao, Y.: Algorithms based on *-algebras, and their applications to isomorphism of polynomials with one secret, group isomorphism, and polynomial identity testing. SIAM J. Comput. 48(3), 926–963 (2019)
Beullens, W., et al.: SPHINCS+: submission to the NIST post-quantum project, vol. 3 (2020). https://sphincs.org/data/sphincs+-round3-specification.pdf
Ji, Z., Qiao, Y., Song, F., Yun, A.: General linear group action on tensors: a candidate for post-quantum cryptography. In: Hofheinz, D., Rosen, A. (eds.) TCC 2019. LNCS, vol. 11891, pp. 251–281. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36030-6_11
Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19–34. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25405-5_2
Kipnis, A., Shamir, A.: Cryptanalysis of the HFE public key cryptosystem by relinearization. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 19–30. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_2
Köbler, J., Schöning, U., Torán, J.: The Graph Isomorphism Problem: Its Structural Complexity. Birkhäuser, Basel (1993)
Kuperberg, G.: A subexponential-time quantum algorithm for the dihedral hidden subgroup problem. SIAM J. Comput. 35(1), 170–188 (2005)
Kuperberg, G.: Another subexponential-time quantum algorithm for the dihedral hidden subgroup problem. In: TQC 2013, pp. 20–34 (2013)
Li, Y., Qiao, Y.: Linear algebraic analogues of the graph isomorphism problem and the Erdős-Rényi model. In: FOCS 2017, pp. 463–474. IEEE Computer Society (2017)
Liu, Q., Zhandry, M.: Revisiting post-quantum Fiat-Shamir. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 326–355. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_12
Maplesoft, a division of Waterloo Maple Inc., Waterloo, Ontario: Maple (2020.2) (2020)
McKay, B.D.: Practical graph isomorphism. Congr. Numer. 30, 45–87 (1980)
McKay, B.D., Piperno, A.: Practical graph isomorphism II. J. Symb. Comput. 60, 94–112 (2014)
Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_21
Midoune, N., Noui, L.: Trilinear alternating forms on a vector space of dimension 8 over a finite field. Linear Multilinear Algebra 61(1), 15–21 (2013)
Montgomery, P.L.: Modular multiplication without trial division. Math. Comput. 44, 519–521 (1985)
Moore, C., Russell, A., Schulman, L.J.: The symmetric group defies strong fourier sampling. SIAM J. Comput. 37(6), 1842–1864 (2008)
Moore, C., Russell, A., Vazirani, U.: A classical one-way function to confound quantum adversaries. arXiv preprint quant-ph/0701115 (2007)
Moody, D.: The Homestretch: the beginning of the end of the NIST PQC 3rd Round, PQCrypto (2021). https://pqcrypto2021.kr/download/program/2.2_PQCrypto2021.pdf
O’Brien, E.A.: Isomorphism testing for \(p\)-groups. J. Symb. Comput. 17(2), 133–147 (1994)
Patarin, J.: Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): two new families of asymmetric algorithms. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_4
Peikert, C.: He gives C-sieves on the CSIDH. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 463–492. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_16
Plantard, T.: Efficient word size modular arithmetic. IEEE Trans. Emerg. Top. Comput. 9(3), 1506–1518 (2021)
Regev, O.: Quantum computation and lattice problems. SIAM J. Comput. 33(3), 738–760 (2004)
Schulman, L.J.: Cryptography from tensor problems. IACR Cryptol. ePrint Arch. 2012, 244 (2012)
Seiler, G.: Faster AVX2 optimized NTT multiplication for Ring-LWE lattice cryptography. IACR Cryptol. ePrint Arch. 2018, 039 (2018)
Sendrier, N.: Finding the permutation between equivalent linear codes: the support splitting algorithm. IEEE Trans. Inf. Theory 46(4), 1193–1203 (2000)
Chen, M.S., et al.: Rainbow signature: one of the three NIST post-quantum signature finalists (2021). https://www.pqcrainbow.org/
Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)
Stolbunov, A.: Cryptographic schemes based on isogenies. PhD thesis, Norwegian University of Science and Technology (2012)
Wilson, J.B.: Decomposing \(p\)-groups via Jordan algebras. J. Algebra 322(8), 2642–2679 (2009)
Wright, E.M.: Graphs on unlabelled nodes with a given number of edges. Acta Math. 126(1), 1–9 (1971)
Yeh, J.Y.-C., Cheng, C.-M., Yang, B.-Y.: Operating degrees for XL vs. F4/F5 for generic \(\mathcal{MQ}\) with number of equations linear in that of variables. In: Fischlin, M., Katzenbeisser, S. (eds.) Number Theory and Cryptography. LNCS, vol. 8260, pp. 19–33. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42001-6_3
Acknowledgement
We thank the reviewers for their careful reading and several questions and suggestions. Y.Q. was partly supported by the Australian Research Council Discovery Projects DP200100950. D.H.D. and W.S. were partly supported by the Australian Research Council Linkage Projects LP190100984. A.J. was supported by the European Union’s H2020 Programme under grant agreement number ERC-669891.
© 2022 International Association for Cryptologic Research
Cite this paper
Tang, G., Duong, D.H., Joux, A., Plantard, T., Qiao, Y., Susilo, W. (2022). Practical Post-Quantum Signature Schemes from Isomorphism Problems of Trilinear Forms. In: Dunkelman, O., Dziembowski, S. (eds) Advances in Cryptology – EUROCRYPT 2022. EUROCRYPT 2022. Lecture Notes in Computer Science, vol 13277. Springer, Cham. https://doi.org/10.1007/978-3-031-07082-2_21
DOI: https://doi.org/10.1007/978-3-031-07082-2_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-07081-5
Online ISBN: 978-3-031-07082-2