Isogeny-based Group Signatures and Accountable Ring Signatures in QROM (2110.04795v4)

Abstract: We present the first provably secure isogeny-based group signature (GS) and accountable ring signature (ARS) in the quantum random oracle model (QROM). We do so via introducing and constructing an intermediate primitive called the openable sigma protocol and demonstrating that any such protocol gives rise to a secure GS and ARS. Furthermore, QROM security is guaranteed if an additional perfect unique-response property (which is achieved via our tailored construction) is satisfied. Previous works by Beullens et al. (Eurocrypt 2022, Asiacrypt 2020) proposed isogeny-based GS and ARS with better efficiency but were only analyzed in the classical random oracle model (CROM). It is well-known that CROM security does not generally translate to QROM security; with the growing relevance of isogeny-based constructions in post-quantum cryptography, the current state of the art is unsatisfactory. Moreover, the aforementioned existing isogeny-based signatures were recently affected by the Fiat-Shamir with aborts (FSwA) flaw discovered by Barbosa et al. and Devevey et al. (CRYPTO 2023), leaving the provable security of isogeny-based signatures open to question once again. Our constructions are not only immune to the FSwA flaw but also provide stronger QROM security. As current QROM-secure ARS and GS schemes are mostly lattice-based, we offer a robust post-quantum alternative should lattice assumptions weaken.