SILMARILS: Information-Theoretic and Quantum-Secure Designated-Verifier Signatures

TL;DR

SILMARILS introduces a quantum-secure, algebraic framework for designated-verifier signatures supporting transferability, with compact keys suitable for blockchain applications, and extends security proofs to quantum adversaries.

Contribution

It presents a minimal algebraic design for transferable designated-verifier signatures that are quantum-secure and efficient for blockchain use cases.

Findings

Achieves Jakobsson-Sako-Impagliazzo DV security in a simple algebraic setting.

Provides security proofs in the ROM, QROM, and IT+ROM models against quantum adversaries.

Offers compact keys and signatures suitable for lightweight blockchain authentication.

Abstract

SILMARILS is built from a minimal algebraic core over $\mathbb{F}_p$ using true randomness and perfect $2$-out-of-$2$ Shamir secret sharing. The framework supports both two-party and three-party modes. In the two-party setting, SILMARILS realizes a transferable designated-verifier (TDV) signature scheme. The designated verifier can simulate accepting transcripts indistinguishable from real ones, achieving Jakobsson-Sako-Impagliazzo DV security. The verifier may publish a receipt $r$ enabling public verification, yet even with $r$, no external party can tell whether a transcript was signed or simulated. As DV signatures permit simulation, standard EUF-CMA cannot hold for the designated verifier; instead, we prove $\mathsf{EUF\text{-}CMA}^{\neg\mathsf{DV}}$ security for all non-designated verifiers in both the random oracle model (ROM) and quantum random oracle model (QROM). In the three-party mode, adopting the broadcast model of Fitzi et al., we obtain a statistically secure signature protocol with simulation-based security and error $1/p$. We analyze security in the Pure IT model, the IT+ROM, and the QROM, extending the Fitzi et al. framework to quantum adversaries with classical I/O. Correctness, secrecy, transferability, and unforgeability for non-designated parties remain equivalent to simulation-based security. Thanks to its simple algebraic structure, SILMARILS offers very compact keys and signatures for the blockchain settings we target, where standardized PQC schemes are already more than sufficient. Our goal is not to compare SILMARILS with PQC, but to highlight its suitability for lightweight TDV authentication. A fair comparison with other DV schemes is omitted due to space and the complexity of aligning models.