Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Post-Quantum Sanitizable Signatures from McEliece-Based Chameleon Hashing

Shahzad Ahmad, Stefan Rass, Zahra Seyedi

TL;DR

This work establishes the first transparent, code-based, post-quantum sanitizable signature scheme, offering strong theoretical guarantees and a pathway for practical deployment in long-term secure applications.

Abstract

We introduce a novel post-quantum sanitizable signature scheme constructed upon a chameleon hash function derived from the McEliece cryptosystem. In this design, the designated sanitizer possesses the inherent trapdoor of a Goppa code, which facilitates controlled collision-finding via Patterson decoding. This mechanism enables authorized modification of specific message blocks while ensuring all other content remains immutably bound. We provide formal security definitions and rigorous proofs of existential unforgeability and immutability, grounded in the hardness of syndrome decoding in the random-oracle model, where a robust random oracle thwarts trivial linear hash collisions. A key innovation lies in our precise characterization of the transparency property: by imposing a specific weight constraint on the randomizers generated by the signer, we achieve perfect transparency, rendering sanitized signatures indistinguishable from freshly signed ones. This work establishes the first transparent, code-based, post-quantum sanitizable signature scheme, offering strong theoretical guarantees and a pathway for practical deployment in long-term secure applications.

Post-Quantum Sanitizable Signatures from McEliece-Based Chameleon Hashing

TL;DR

This work establishes the first transparent, code-based, post-quantum sanitizable signature scheme, offering strong theoretical guarantees and a pathway for practical deployment in long-term secure applications.

Abstract

We introduce a novel post-quantum sanitizable signature scheme constructed upon a chameleon hash function derived from the McEliece cryptosystem. In this design, the designated sanitizer possesses the inherent trapdoor of a Goppa code, which facilitates controlled collision-finding via Patterson decoding. This mechanism enables authorized modification of specific message blocks while ensuring all other content remains immutably bound. We provide formal security definitions and rigorous proofs of existential unforgeability and immutability, grounded in the hardness of syndrome decoding in the random-oracle model, where a robust random oracle thwarts trivial linear hash collisions. A key innovation lies in our precise characterization of the transparency property: by imposing a specific weight constraint on the randomizers generated by the signer, we achieve perfect transparency, rendering sanitized signatures indistinguishable from freshly signed ones. This work establishes the first transparent, code-based, post-quantum sanitizable signature scheme, offering strong theoretical guarantees and a pathway for practical deployment in long-term secure applications.
Paper Structure (51 sections, 4 theorems, 11 equations, 5 tables)

This paper contains 51 sections, 4 theorems, 11 equations, 5 tables.

Table of Contents

  1. Introduction
  2. The quantum threat.
  3. Our Contributions
  4. Related Work
  5. Sanitizable signatures.
  6. Chameleon hashes.
  7. Collision-resistance notions.
  8. Post-quantum sanitizable signatures.
  9. Code-based hash functions and signatures.
  10. Background and Formal Definitions
  11. Notation
  12. Computational Assumptions
  13. Chameleon Hash Functions
  14. Sanitizable Signature Schemes
  15. Security properties.
  16. ...and 36 more sections

Key Result

theorem thmcountertheorem

Let $\mathcal{A}$ be a PPT adversary making at most $q_G$ queries to $G$. If $\mathcal{A}$ finds a collision $(m,r)\ne(m',r')$ with $\mathsf{CH}_\mathsf{pk}(m,r)=\mathsf{CH}_\mathsf{pk}(m',r')$ with probability $\epsilon$, then there exists a PPT algorithm $\mathcal{B}$ solving $\mathrm{SD}(n,n-k,2t

Theorems & Definitions (19)

  • definition thmcounterdefinition: Syndrome Decoding (SD)
  • definition thmcounterdefinition: McEliece Assumption
  • definition thmcounterdefinition: Chameleon Hash krawczyk_chameleon_1998
  • definition thmcounterdefinition: Sanitizable Signature Scheme ateniese_sanitizable_2005jarecki_security_2009
  • definition thmcounterdefinition: $\mathsf{EUF\text{-}CMA}$-Security jarecki_security_2009
  • definition thmcounterdefinition: Immutability ateniese_sanitizable_2005
  • definition thmcounterdefinition: Transparency ateniese_sanitizable_2005brzuska_sanitizable
  • remark thmcounterremark: Accountability vs. Transparency
  • remark thmcounterremark: Goppa code requirements
  • remark thmcounterremark: Weight-$t$ exactness of decoded error
  • ...and 9 more