Identity-based proxy re-signatures from lattices

Abstract

Proxy re-signature is an important cryptographic primitive in which a semi-trusted proxy is able to transform a delegatee's signature on some message into a delegator's signature on the same message, while the proxy itself cannot generate any signatures for either the delegatee or the delegator. The existing proxy re-signature schemes in the literature all rely on the hardness assumptions that can be easily solved by quantum algorithms. In this paper we present an identity-based proxy re-signature scheme from lattice assumptions. The scheme supports multi-use bidirectional conversion, and is provably secure in the random oracle model under conventional small integer solution assumption that is as hard as approximating several standard lattice problems. As the underlying lattice problems are intractable even for quantum computers, our scheme would work well in the quantum age.