A Quantum Secure Convertible Ring Signature Scheme Over SIS Problem

A ring signature scheme (RSS) provides a method to digitally sign a document anonymously on the behalf of a set of possible signers. It is generally used to leak secret information. But an ordinary/general RSS can not be used for anonymous bidding, revealing secrets and later getting reward scenarios. We can use convertible/verifiable RSS to achieve these goals. A convertible RSS is an RSS where the original signer has the potency to convert it into a general/ordinary signature, if required. Here, we construct the first lattice-based (LB) convertible RSS. This scheme gives way to the signer to unfold his identity, if required (Reward, Bidding). We use bimodal Gaussian and rejection sampling in the scheme. We show that our convertible RSS is unforgeable against insider corruption, anonymous against full key exposure, and non-convertible against non-signers. The designed scheme is quantum secure as the underlying short integer solution (SIS) problem over lattice is conjectured to be hard.