Efficient Ring Signature Scheme Without Random Oracle from Lattices

Abstract

Among post-quantum alternatives, latticebased cryptography is the most promising one, due to its simple operations, reduction from aver-age-case to worstcase hardness, and supporting of rich functionalities. Ring signature enables a user to sign anonymously on behalf of an adaptively chosen group, and has multiple applications in anonymous e-voting, anonymous authentication, whistle blowing etc. However, most lattice-based ring signature schemes were constructed in the random oracle model from lattice basis delegation and they suffer large verification key sizes as a common disadvantage. This work proposes an efficient ring signature scheme from lattice basis delegation without random oracle based on the extended split-SIS problem, whose security is approximately as hard as the worst-case SIVP problem. Our scheme is proved to be anonymous and existentially unforgeable under latticebased assumptions. Finally, the verification key size is significantly reduced to a small constant, instead of increasing linearly with the number of ring members.