2025, 36(10):0-0. DOI: 10.13328/j.cnki.jos.007388
Abstract: In certain designs and applications of practical lattice-based cryptography, one may need to use a special kind of LWE problem, in which the public matrix is sampled from some non-uniform distribution, to argue the security of the corresponding schemes. Recently, Jia et al. formalized definitions of LWE problems with semi-uniform seeds, and proved the corresponding hardness of Euclidean/ideal/module lattice-based LWE problems with semi-uniform seeds using reduction roadmaps similar to those used to show the hardness of the so-called entropic LWE problems. However, Jia et al.'s reduction introduces large losses in the Gaussian parameters of the errors and in the dimensions. Also, additional non-standard assumptions are needed to argue the hardness of semi-uniform LWE problems over rings. In this paper, we present a tighter reduction for LWE problems with semi-uniform seeds by modifying the techniques used in proving the hardness of Hint-LWE problems. Our reductions are almost unaffected by the algebraic structure of the corresponding problems, and can be applied uniformly to Euclidean/ideal/module lattice-based LWE problems with semi-uniform seeds. By using our methods, it is possible to prove the hardness of the corresponding LWE problems with semi-uniform seeds based on standard LWE assumptions without introducing any additional non-standard assumption. Our reductions also keep the dimension of the corresponding LWE problems unchanged. Meanwhile, the reduction loss in the Gaussian parameters of the corresponding LWE problems is relatively small.
HU Yue, ZHAO Xu-Yang, WANG Wei, YUAN Qian, YANG Ya-Fang, ZHENG Jie-Yu, YANG Ya-Fang
2025, 36(10):0-0. DOI: 10.13328/j.cnki.jos.007389
Abstract: Digital signature algorithms play a vital role in network security infrastructure. Most current digital signature schemes are based on RSA and ECC. With the rapid development of quantum computing technology, digital signature schemes based on traditional public key cryptography will face security risks. Researching and deploying new cryptographic schemes that can resist quantum attacks has become an important research direction. After several rounds of evaluation and analysis, NIST announced the post-quantum digital signature standard ML-DSA in August 2024, whose core algorithm is Dilithium. In view of the characteristics of the high-dimensional polynomial matrix operations of Dilithium, this paper proposes a variety of optimized implementation methods based on the FPGA platform, including multifunctional systolic array operation units with configurable parameters, dedicated polynomial parallel sampling modules, a reconfigurable storage unit design for multiple parameter sets, and highly parallel timing state machines for complex multi-module designs, aiming to break through performance bottlenecks and achieve higher signature operation efficiency, and finally realizing a digital signature hardware architecture that supports three security levels at the same time. Our hardware architecture was deployed on the Xilinx Artix-7 FPGA platform and compared with existing similar works. The results show that our design improves the signature operation efficiency by 7.4 times, 8.3 times and 5.6 times at the three security levels, respectively, which provides a performance foundation for quantum-resistant digital signature services and offers meaningful application value and reference significance for related research on the engineering and practicality of lattice cryptography.
CHEN Ying, HE De-Biao, PENG Cong, LUO Min
2025, 36(10):0-0. DOI: 10.13328/j.cnki.jos.007390
Abstract: Serving as a pivotal privacy-preserving technology, group signatures provide robust anonymity assurances to users. However, general group signature schemes often rely on group managers who can open the identities of signers, a feature that conflicts with the decentralized property of blockchain and falls short of meeting the stringent privacy requirements of certain applications. To address these limitations, we draw inspiration from double-authentication-preventing signatures, group signatures with user-controlled linkability and group signatures with verifier-local revocation to propose a novel group signature scheme with user-controlled linkability and verifier revocation. This new scheme strikes an optimal balance between user privacy and platform management, and we provide a concrete instantiation based on lattices. We conduct a security analysis under the random oracle model, which confirms that the proposed scheme satisfies selfless anonymity, traceability, and non-frameability. Performance evaluations indicate that the time costs and communication costs of our scheme are within an acceptable range, ensuring its potential for practical use. Furthermore, we design a post-quantum secure medical data sharing system which integrates this group signature scheme with blockchain technology.
WANG Yu-Tian, JIA Shu-Rui, CHEN Ming-Xi, DONG Yi-Fan, YANG Ya-Fang
2025, 36(10):0-0. DOI: 10.13328/j.cnki.jos.007391
Abstract: With the development of quantum computers, public blockchains based on traditional elliptic curve digital signatures will face disruptive security issues. The common solution is to apply post-quantum digital signature algorithms to blockchain systems. For public blockchains adopting a proof-of-work consensus mechanism, supporting computing power is also an important cornerstone of public blockchain security. How to save energy and maximize computing power support is an important research direction. This article proposes a post-quantum blockchain system with diversified computing power and an independent post-quantum signature.
The Dilithium signature scheme is the preferred and universal post-quantum signature standard recommended by NIST, and its security is based on the MLWE and MSIS problems on the power-of-two division ring. However, just as the Bitcoin blockchain initially adopted the EC-DSA standard signature algorithm but did not adopt the elliptic curve specified by the US NIST, the rich algebraic structure of power-of-two cyclotomic rings poses greater risks and uncertainties for the long-term security of the post-quantum digital signatures on which a public blockchain is based. The large-Galois-group prime-degree prime-ideal field is a more conservative and secure post-quantum lattice-based cryptographic technology route with less algebraic structure. In this article, we adopt a Dilithium variant based on the large-Galois-group prime-degree prime-ideal field, Dilithium-Prime, as the signature algorithm of the post-quantum blockchain system, to provide high-confidence post-quantum security for transaction signing.
To provide diversified computing power, maximize the computing power support of the post-quantum public blockchain and address the current dilemma of declining mining pool and miner income, we introduce a multi-parent-chain auxiliary proof-of-work consensus mechanism that can request all computing power using SHA-256 and Scrypt hash calculations to assist in consensus, without adding additional work for existing miners and mining pools. This increases the sources of computing power for the post-quantum blockchain and also improves the utilization rate of existing mining pools and miners. At the same time, we propose a block and transaction structure and a difficulty adjustment algorithm adapted to this multi-parent-chain auxiliary proof-of-work consensus mechanism, which can stabilize the block production ratio and block production time for different magnitudes of computing power, and effectively respond to extreme cases such as sudden increases or decreases in computing power to maintain the robustness of the system.
YANG Ya-Tao, YIN Fang-Rui, CHEN Liang-Yu, PAN Deng
2025, 36(10):0-0. DOI: 10.13328/j.cnki.jos.007392
Abstract: SPHINCS+ is a stateless digital signature scheme based on hash functions, which has been proven to be resistant to quantum computing attacks. However, due to the large size of the signatures it generates, the wide application of SPHINCS+ in practice is limited. In order to solve the problem of the long signature values generated by the WOTS+ one-time signature scheme in SPHINCS+, a new compact one-time signature scheme, SM3-OTS, based on the SM3 algorithm is designed in this paper. The signature scheme uses the binary and hexadecimal representations of the message digest value as the indices of the node positions of the first 32 hash chains and the last 16 hash chains, respectively, which effectively shortens the key length and the length of the generated signature value compared with traditional hash-based one-time signature schemes. Compared with WOTS+ in SPHINCS+, Balanced WOTS+ in SPHINCS-α and WOTS+C in SPHINCS+C, SM3-OTS shortens the length of signature values by about 29%, 27% and 26% respectively, and the signature performance is significantly improved. At the same time, by adopting the SM3 algorithm, SM3-OTS has good resistance to quantum attacks and maintains good overall performance.
MI Rui-Qi, JIANG Hao-Dong, ZHANG Zhen-Feng
2025, 36(10):0-0. DOI: 10.13328/j.cnki.jos.007393
Abstract: Kyber is a Key Encapsulation Mechanism based on lattice problems, and was the first to be standardized by the National Institute of Standards and Technology (NIST) in 2023. Kyber-AKE is a weakly forward-secure authenticated key exchange (AKE) constructed by the designers of Kyber, which derives session keys in two rounds using three IND-CCA secure key encapsulation mechanisms. This paper introduces Kyber-PFS-AKE. In Kyber-PFS-AKE, only IND-CPA secure public key encryption is used, and decryption errors in the IND-CPA secure public key encryption are handled through the re-encryption technique of the FO transformation, thereby simplifying the design of post-quantum Kyber-AKE.
We rigorously prove that certain operations in the Kyber-AKE protocol are redundant, and after removing these redundancies, the protocol becomes simpler and more efficient. We prove the session key indistinguishability and perfect forward security of Kyber-PFS-AKE in the eCK-PFS-PSK model. Kyber-PFS-AKE is implemented using Kyber768.PKE with 165-bit quantum security. Experimental results show that, compared to Kyber-AKE, the initiator's computation time in Kyber-PFS-AKE is reduced by 38%, and the responder's computation time is reduced by 30%.
ZHANG Chuan, REN Xu-Hao, DENG Hao-Tian, WANG Ya-Jie, LI Chun-Hai, WU Tong, WANG Li-Cheng
2025, 36(10):0-0. DOI: 10.13328/j.cnki.jos.007394
Abstract: With the widespread application of blockchain technology, authenticated storage, as its core component, plays an important role in ensuring data integrity and consistency. In traditional blockchain systems, authenticated storage verifies transactions and maintains the integrity of the ledger state through a series of cryptographic algorithms. However, the emergence of quantum computers has left existing blockchain authenticated storage technology facing the threat of being broken, which exposes blockchains to the risk of data leakage and integrity damage. The most advanced authenticated storage technology is mainly based on the bilinear Diffie-Hellman assumption, which may become vulnerable to quantum attacks. In order to improve the security and efficiency of authenticated storage, this paper introduces a stateless hash-based signature technology and proposes a quantum-resistant blockchain authenticated storage scheme, EQAS. This scheme decouples data storage from data authentication, uses random forest chains to efficiently generate commitment proofs, and performs efficient authentication through a hypertree structure. Security analysis shows that EQAS can resist attacks by quantum algorithms. By comparing with other authenticated storage schemes, experimental results verify the efficiency of the EQAS scheme and show its excellent performance in processing blockchain authenticated storage tasks.