Post-Quantum Two-party Adaptor Signature Based on Coding Theory

An adaptor signature can be viewed as a signature concealed with a secret value and, by design, any two of the trio yield the other. In a multiparty setting, an initial adaptor signature allows each party create additional adaptor signatures without the original secret. Adaptor signatures help address scalability and interoperabity issues in blockchain. They can also bring some important advantages to cryptocurrencies, such as low on-chain cost, improved transaction fungibility, and less limitations of a blockchain’s scripting language. In this paper, we propose a new two-party adaptor signature scheme that relies on quantum-safe hard problems in coding theory. The proposed scheme uses a hash-and-sign code-based signature scheme introduced by Debris-Alazard et al. and a code-based hard relation defined from the well-known syndrome decoding problem. To achieve all the basic properties of adaptor signatures formalized by Aumayr et al., we introduce further modifications to the aforementioned signature scheme. We also give a security analysis of our scheme and its application to the atomic swap. After providing a set of parameters for our scheme, we show that it has the smallest pre-signature size compared to existing post-quantum adaptor signatures.

Post-Quantum Two-party Adaptor Signature Based on Coding Theory

An adaptor signature can be viewed as a signature concealed with a secret value and, by design, any two of the trio yield the other. In a multiparty setting, an initial adaptor signature allows each party create additional adaptor signatures without the original secret. Adaptor signatures help address scalability and interoperabity issues in blockchain. They can also bring some important advantages to cryptocurrencies, such as low on-chain cost, improved transaction fungibility, and less limitations of a blockchain’s scripting language. In this paper, we propose a new two-party adaptor signature scheme that relies on quantum-safe hard problems in coding theory. The proposed scheme uses a hash-and-sign code-based signature scheme introduced by Debris-Alazard et al. and a code-based hard relation defined from the well-known syndrome decoding problem. To achieve all the basic properties of adaptor signatures formalized by Aumayr et al., we introduce further modifications to the aforementioned signature scheme. We also give a security analysis of our scheme and its application to the atomic swap. After providing a set of parameters for our scheme, we show that it has the smallest pre-signature size compared to existing post-quantum adaptor signatures.

Trapping Sets of Quantum LDPC Codes

Iterative decoders for finite length quantum low-density parity-check (QLDPC) codes are attractive because their hardware complexity scales only linearly with the number of physical qubits. However, they are impacted by short cycles, detrimental graphical configurations known as trapping sets (TSs) present in a code graph as well as symmetric degeneracy of errors. These factors significantly degrade the decoder decoding probability performance and cause so-called error floor. In this paper, we establish a systematic methodology by which one can identify and classify quantum trapping sets (QTSs) according to their topological structure and decoder used. The conventional definition of a TS from classical error correction is generalized to address the syndrome decoding scenario for QLDPC codes. We show that the knowledge of QTSs can be used to design better QLDPC codes and decoders. Frame error rate improvements of two orders of magnitude in the error floor regime are demonstrated for some practical finite-length QLDPC codes without requiring any post-processing.

DETECTING AND CORRECTING BYTE ERRORS IN DIGITAL DATA TRANSMISSION SYSTEMS

Обоснована необходимость разработки методического аппарата, связанного с построением кода, корректирующего ошибки в заданном числе байтов информации с алгебраическим синдромным декодированием и оценкой аппаратурных и временных затрат, связанных с этой целью. Представлены правила построения корректирующего кода, исправляющего ошибки в заданном числе байтов информации, реализующего линейную процедуру построения корректирующего кода с синдромным декодированием и использованием аддитивного вектора ошибок, что позволило сократить аппаратурные затраты на построение декодирующего устройства (сократить объем памяти для хранения значений векторов ошибок). Получены выражения для оценки аппаратурных затрат на кодирование и декодирование информации при использовании предлагаемого метода коррекции пакетных ошибок. The necessity of developing a methodological apparatus related to the construction of a code that corrects errors in a given number of bytes of information with algebraic syndrome decoding and the estimation of hardware and time costs associated with this purpose is justified. The rules for constructing a correction code that corrects errors in a given number of bytes of information, implementing a linear procedure for constructing a correction code with syndrome decoding and using an additive error vector, are presented. This method made it possible to reduce the hardware costs for constructing a decoding device (reducing the amount of memory for storing the values of error vectors). Expressions are obtained for estimating the hardware costs of encoding and decoding information when using the proposed method of correcting packet errors.

Group Signature with Verifier-Local Revocation Based on Coding Theory

Group signature with verifier-local revocation (VLR-GS) is a special variant of revocable group signature that not only allows a user to anonymously sign messages but also only requires the verifiers to possess some up-to-date revocation information. To date, a number of VLR-GS schemes have been proposed under bilinear groups and lattices, while they have not yet been instantiated based on coding theory. In this paper, we present a code-based VLR-GS scheme in the random oracle model, which is the first construction to the best of our knowledge. Concretely, our VLR-GS scheme does not rely on the traditional paradigm which utilizes an encryption scheme as a building block and achieves logarithmic-size group signature. To obtain the scheme, we first introduce a new code-based Stern-like interactive zero-knowledge protocol with member revocation mechanism based on syndrome decoding problem. Moreover, we employ the binary Goppa code embedded for our scheme with efficiency and security analysis.

METHOD OF PROTECTING INFORMATION PROCESSING DEVICES OF DIGITAL DATA TRANSMISSION SYSTEMS FROM SINGLE BYTE ERRORS

Предложена регулярная процедура адаптации кода, исправляющего одиночные байтовые ошибки, с целью обнаружения и коррекции байтовых ошибок в арифметико-логических устройствах(АЛУ) процессоров информационно-измерительных систем. Выявлены закономерности, определяющие соотношения между арифметико-логическими операциями и значениями контрольных разрядов линейного кода относительно данных операций. Показано, что эти закономерности позволяют сформулировать правила получения значений поправок к контрольным разрядам кода для обнаружения и коррекции одиночных байтовых ошибок при использовании алгебраического линейного кода с синдромным декодированием. Предлагаемый метод защиты от одиночных байтовых ошибок устройств обработки информации позволяет минимизировать влияние кодирования (декодирования) информации на быстродействие АЛУ процессора за счет замены циклической процедуры кодирования информации на алгебраическую с синдромным декодированием. A regular procedure for adapting the code that corrects single bit errors for detecting and correcting byte errors in arithmetic-logic units (ALU) of information and measurement system processors is proposed. The regularities that determine the relations between arithmetic logical operations and the values of the control digits of the linear code relative to these operations are revealed. It is shown that these regularities allow us to formulate rules for obtaining correction values of code control bits for detecting and correcting single byte errors when using an algebraic linear code with syndrome decoding. The proposed method of protection against single bit errors of information processing devices allows minimizing the impact of encoding (decoding) information on the performance of the ALU processor by replacing the cyclic information encoding procedure with an algebraic one with syndrome decoding.

A New Code-Based Blind Signature Scheme

Blind signature is an important cryptographic primitive with widespread applications in secure e-commerce, for example to guarantee participants’ anonymity. Existing blind signature schemes are mostly based on number-theoretic hard problems, which have been shown to be solvable with quantum computers. The National Institute of Standards and Technology (NIST) began in 2017 to specify a new standard for digital signatures by selecting one or more additional signature algorithms, designed to be secure against attacks carried out using quantum computers. However, none of the third-round candidate algorithms are code-based, despite the potential of code-based signature algorithms in resisting quantum computing attacks. In this paper, we construct a new code-based blind signature (CBBS) scheme as an alternative to traditional number-theoretic based schemes. Specifically, we first extend Santoso and Yamaguchi’s three pass identification scheme to a concatenated version (abbreviated as the CSY scheme). Then, we construct our CBBS scheme from the CSY scheme. The security of our CBBS scheme relies on hardness of the syndrome decoding problem in coding theory, which has been shown to be NP-complete and secure against quantum attacks. Unlike Blazy et al.’s CBBS scheme which is based on a zero-knowledge protocol with cheating probability $2/3$, our CBBS scheme is based on a zero-knowledge protocol with cheating probability $1/2$. The lower cheating probability would reduce the interaction rounds under the same security level and thus leads to a higher efficiency. For example, to achieve security level $2^{-82}$, the signature size in our CBBS scheme is $1.63$ MB compared to $3.1$ MB in Blazy et al.’s scheme.