Loquat: A SNARK-Friendly Post-quantum Signature Based on the Legendre PRF with Applications in Ring and Aggregate Signatures

Xinyu Zhang, Ron Steinfeld, Muhammed F. Esgin, Joseph K. Liu, Dongxi Liu, Sushmita Ruj

Research output: Chapter in Book/Report/Conference proceeding; Conference Paper; Research; peer-review

Abstract

We design and implement a novel post-quantum signature scheme based on the Legendre PRF, named Loquat. Prior to this work, efficient approaches for constructing post-quantum signatures with comparable security assumptions mainly used the MPC-in-the-head paradigm or hash trees. Our method departs from these paradigms and, notably, is SNARK-friendly, a feature not commonly found in earlier designs. Loquat requires significantly fewer computational operations for verification than other symmetric-key-based post-quantum signature schemes that support stateless signing. Our Python implementation of Loquat demonstrates a signature size of 46 KB, with a signing time of 5.04 s and a verification time of 0.21 s. Instantiating the random oracle with an algebraic hash function results in about 148K R1CS constraints for signature verification, 7 to 175 times fewer than those required for MPC-in-the-head-based signatures and 3 to 9 times fewer than those for SPHINCS+ [Bernstein et al. CCS'19]. We explore two applications of Loquat. First, we incorporate it into the ID-based ring signature scheme [Buser et al. ACNS'22], achieving a significant reduction in signature size from 1.9 MB to 0.9 MB with stateless signing and practical master key generation. Our second application presents a SNARK-based aggregate signature scheme. We use the implementations of Aurora [Ben-Sasson et al. EC'19] and Fractal [Chiesa et al. EC'20] to benchmark our aggregate signature's performance. Our findings show that aggregating 32 Loquat signatures using Aurora results in a proving time of about 7 min, a verification time of 66 s, and an aggregate signature size of 197 KB. Furthermore, by leveraging the recursive proof composition feature of Fractal, we achieve an aggregate signature with a constant size of 145 KB, illustrating Loquat's potential for scalability in cryptographic applications.

Original language: English
Title of host publication: Advances in Cryptology – CRYPTO 2024 - 44th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18–22, 2024, Proceedings, Part I
Editors: Leonid Reyzin, Douglas Stebila
Place of Publication: Cham, Switzerland
Publisher: Springer
Pages: 3-38
Number of pages: 36
ISBN (Electronic): 9783031683763
ISBN (Print): 9783031683756
DOIs
Publication status: Published - 2024
Event: Advances in Cryptology 2024 - Santa Barbara, United States of America
Duration: 18 Aug 2024 – 22 Aug 2024
Conference number: 44th
https://link.springer.com/book/10.1007/978-3-031-68376-3 (Proceedings)
https://crypto.iacr.org/2024/ (Website)

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer
Volume: 14920
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: Advances in Cryptology 2024
Abbreviated title: CRYPTO 2024
Country/Territory: United States of America
City: Santa Barbara
Period: 18/08/24 – 22/08/24
Internet address

Keywords

  • Aggregate Signature
  • ID-Based Ring Signature
  • Legendre PRF
  • Post-Quantum Signature
  • SNARK
