Linearly Homomorphic Signature with Tight Security on Lattice
This addresses a central problem in theoretical cryptography for cryptographers, offering a solution with tight security, though it is incremental as it builds on prior work with a weaker model.
The paper tackles the open problem of constructing a linearly homomorphic signature scheme with tight security under the Short Integer Solution (SIS) assumption in the standard model, achieving this by introducing a new security model and providing a construction with tight security.
Constructing cryptographic schemes with tight or almost-tight security has long been one of the central problems in theoretical cryptography. At ASIACRYPT 2016, Boyen and Li posed an open problem: whether it is possible to construct a homomorphic signature scheme with tight or almost-tight security under the Short Integer Solution (SIS) assumption in the standard model. In 2024, Chen achieved the first construction with almost-tight security under a weaker security model. To further achieve tight security in the standard model, this paper introduces a new security model whose security requirements are weaker than those of the standard adaptive model but stronger than the model adopted by Chen. Under this model, we construct a linearly homomorphic signature scheme with tight security.