Lossy CSI-FiSh: Efficient signature scheme with tight reduction to decisional CSIDH-512

Conference item

Abstract:: Recently, Beullens, Kleinjung, and Vercauteren (Asiacrypt'19) provided the first practical isogeny-based digital signature, obtained from the Fiat-Shamir (FS) paradigm. They worked with the CSIDH-512 parameters and passed through a new record class group computation. However, as with all standard FS signatures, the security proof is highly non-tight and the concrete parameters are set under the heuristic that the only way to attack the scheme is by finding collisions for a hash function. In this paper, we propose an FS-style signature scheme, called Lossy CSI-FiSh, constructed using the CSIDH-512 parameters and with a security proof based on the "Lossy Keys" technique introduced by Kiltz, Lyubashevsky and Schaffner (Eurocrypt'18). Lossy CSI-FiSh is provably secure under the same assumption which underlies the security of the key exchange protocol CSIDH (Castryck et al. (Asiacrypt'18)) and is almost as efficient as CSI-FiSh. For instance, aiming for small signature size, our scheme is expected to take around ≈800ms to sign/verify while producing signatures of size ≈280 bytes. This is only twice slower than CSI-FiSh while having similar signature size for the same parameter set. As an additional benefit, our scheme is by construction secure both in the classical and quantum random oracle model.

Files:: Kaafarani et al Lossy CSI-FiSh.pdf

(Preview, Accepted manuscript, 460.8KB, Terms of use)

Publisher:: Springer Verlag
Series:: Lecture Notes in Computer Science
Series number:: 12111
Publication date:: 2020-04-29
Acceptance date:: 2020-01-19
Event title:: IACR International Conference on Practice and Theory of Public-Key Cryptography (PKC) 2020
Event location:: Edinburgh, Scotland
Event website:: https://pkc.iacr.org/2020/index.html
Event start date:: 2020-05-04
Event end date:: 2020-05-07
DOI:: 10.1007/978-3-030-45388-6_6
ISSN:: 0302-9743
EISBN:: 9783030453886
ISBN:: 9783030453879

Copyright holder:: International Association for Cryptologic Research
Notes:: This paper has been accepted for presentation at the International Conference on Practice and Theory in Public-Key Cryptography (PKC), 04-07 May 2020, Edinburgh, Scotland. This is the accepted manuscript version of the article. The final version is available online from Springer at: https://doi.org/10.1007/978-3-030-45388-6_6

Licence:: Terms and Conditions of Use for Oxford University Research Archive

If you are the owner of this record, you can report an update to it here: Report update to this record