A Compact Post-quantum Strong Designated Verifier Signature Scheme from Isogenies

TL;DR

This paper introduces a compact, post-quantum secure designated verifier signature scheme based on isogenies, providing strong security guarantees and addressing the size and quantum vulnerability issues of prior lattice-based solutions.

Contribution

It presents the first isogeny-based SDVS scheme, leveraging supersingular elliptic curves and the MT-GAIP problem, with strong security guarantees in the quantum era.

Findings

Achieves strong unforgeability and privacy in the random oracle model.

Offers a more compact alternative to lattice-based post-quantum SDVS schemes.

Is the only post-quantum SDVS scheme based on isogenies.

Abstract

Digital signatures are fundamental cryptographic tools that provide authentication and integrity in digital communications. However, privacy-sensitive applications, such as e-voting and digital cash, require more restrictive verification models to ensure confidentiality and control. Strong Designated Verifier Signature (SDVS) schemes address this need by enabling the signer to designate a specific verifier, ensuring that only this party can validate the signature. Existing SDVS constructions are primarily based on number-theoretic assumptions and are therefore vulnerable to quantum attacks. Although post-quantum alternatives, particularly those based on lattices, have been proposed, they often entail large key and signature sizes. In this work, we present $\mathsf{CSI\text{-}SDVS}$, a novel isogeny-based SDVS scheme that offers a compact, quantum-resistant alternative to existing SDVS constructions. The scheme leverages the ideal class group action on $\mathbb{F}_p$-isomorphism classes of supersingular elliptic curves and is founded on the hardness of the Multi-Target Group Action Inverse Problem (MT-GAIP). $\mathsf{CSI\text{-}SDVS}$ achieves strong security guarantees, Strong Unforgeability under Chosen-Message Attacks (SUF-CMA), Non-Transferability (NT), and Privacy of Signer's Identity (PSI), in the random oracle model, thereby making it among the most compact PQC-based SDVS schemes and the only post-quantum secure construction based on isogenies.