Lattice-based strong designated verifier signature with non-delegatability

Abstract

Strong designated verifier signature (SDVS) is a special type of digital signatures which provides authentication of a message without providing non-repudiation property. More specifically, SDVS can enable that it is impossible for any entity, other than the designated verifier, to recognize the validity of a given signature. Although there have been several proposals of lattice-based SDVS schemes since the first non-quantum resistant scheme proposed by Jakobsson et al. at EUROCRYPT 1996, all the existing lattice-based ones cannot achieve a security notion called non-delegatablity (ND), which was an essential property introduced by Lipmaa et al. at ICALP 2005 when considering an SDVS in scenarios where the responsibility of the signer is important and the signing rights cannot be delegated to another entity. Therefore, in this work, we provide the first lattice-based SDVS scheme that offers non-delegatablity (i.e., neither the signer nor the designated verifier can delegate the signing rights to other entities without the revealment of their corresponding private keys), and thus, resolve a prominent open problem posed by previous works. Moreover, we achieve this non-trivial feat in a relatively simple manner. Starting with Lyubashevsky’s lattice signatures without trapdoors at EUROCRYPT 2012 - which is arguably the first practical alternative method in general lattices for designing digital signatures not adopting the “hash-and-sign” methodology, we introduce simple-but-insightful tweaks allowing to upgrade it directly into an SDVS with non-delegatablity. The scheme satisfies the strong security requirements of Lipmaa et al.’s model and is proven secure in the random oracle model under the short integer solution (SIS) and the learning with errors (LWE) assumptions.