A Note on the Post-quantum Security of (Ring) Signatures

This work revisits the security of classical signatures and ring in a quantum world. For (ordinary) signatures, we focus on arguably preferable notion blind-unforgeability recently proposed by Alagic et al. (Eurocrypt’20). We present two short signature schemes achieving this notion: one is random oracle model, assuming hardness SIS; other plain LWE with super-polynomial modulus. Prior to work, only known blind-unforgeable are Lamport’s one-time Winternitz signature, both them model. recent Chatterjee (Crypto’21) proposes definition trying capture adversaries access signer. However, it unclear if their definition, when restricted world, as strong standard for signatures. They also construction that partially achieves (even) seeming weak sense adversary can conduct superposition attacks over messages, but not rings. propose new does suffer from above issue. Our an analog setting. Moreover, LWE, construct compiler converting any satisfying our definition.