Practical Lattice-Based Multisignature Schemes for Blockchains

Compact multisignature is vital for shrinking the signature size of decentralized blockchain. All practical compact multisignature schemes have been constructed from the discrete logarithm problem which is potentially vulnerable to quantum computing attacks. Lattice-based multisignature schemes are potential candidates for resisting quantum attacks. However, the existing lattice-based multisignature schemes suffer either loose signatures or large public key and signature sizes after compressing, which makes them unsuitable for blockchains. In this paper, we first present a practical lattice-based multisignature scheme with much smaller signature sizes than previous lattice-based multisignature schemes. Then, we extend our scheme to support public key aggregation with almost the same performance. Both of our multisignature schemes are provably secure in the random oracle model under the ring version of the short integer solution (Ring-SIS) assumption. They outperform the recent lattice-based multisignature scheme proposed by Bansarkhani and Sturm (BS) in terms of both signature size and communication overhead.