Lattice-based Designated-Verifiable NIZK Argument and Application to a Voting Scheme, Chapter

Setup:
1. Generate the RGSW public and secret keys PK_RGSW and SSK_RGSW.
2. Sample a challenge ? uniformly at random from {f ∈ R_2 | deg f < ?} and compute its encryption C_? = RGSW.Encrypt(PK_RGSW, ?).
3. Output the secret verification key SVK = SSK_RGSW and the public key PK = (ck

Prove:
- c_? = Com.Commit(ck, µ?; r?) and c_b = Com.Commit(ck, µ?,
- C_? is the RGSW encryption of ? = ?µ + µ?,
- C_{r?} is the RGSW encryption of r?, the randomness of ? = ?µ + µ?,
- C_{r_0} is the RGSW encryption of r_0, the randomness of (? ? ?)µ + µ?,
- Output the proof ? = (c_?, c_?, C_?, C_{r?}, C_{r_0}).

Verify:
1. Compute ? = RGSW.Decrypt(SSK_RGSW, C_?).
2. Decrypt also C_{r?} and C_{r_0}, and verify that all the randomness is small.
3. Decrypt(SSK_RGSW, C_?), and verify that ? · c + c_? = Com.Commit(ck, ?,

In the Setup algorithm, we have to encrypt n/? challenges (?_k)_{k ∈ [0, n/?)} and denote by C_{?_k} their RGSW encryption. Indeed, we use the extractor of the Σ-protocol to be able to show the culpable soundness property of the DVNIZK scheme.