Secure Stern Signatures in Quantum Random Oracle Model

Abstract

The Stern signatures are a class of lattice-based signatures constructed from Stern protocols, a special class of sigma protocols, admitting diverse functionalities with good asymptotic efficiency. However, the post-quantum security of existing Stern signatures is unclear, since they are built via the Fiat-Shamir transformation, which has not been proved to be secure in the quantum random oracle model (QROM). The goal of this paper is to find an alternative transformation for constructing post-quantum secure Stern signatures. The Unruh transformation (Eurocrypt 2015) is an alternative that can build secure signatures in QROM from post-quantum secure sigma protocols. Unfortunately, its proof relies on the 2-special soundness of the underlying sigma protocol, while Stern protocols are 3-special sound. We fill this gap by providing an extended proof for the Unruh transformation. Specifically, we prove that it is still secure in the QROM even if the underlying sigma protocols are k-special sound, where$$k>2$$ could be an arbitrary integer. Observing that Stern protocols are post-quantum secure sigma protocols with 3-special soundness, our proof implies a generic method to obtain secure Stern signatures in the QROM.