Generalised ISISf

The Generalised ISIS_f assumption (GenISIS_f) was introduced by Dubois, Klooß, Lai, and Woo in 2025.^[1] As the name suggests, it is a generalisation of the ISISf assumption introduced in 2023.^[2] It removes two restrictions imposed by ISIS_f, which enables reducing to GenISIS_f. Furthermore, GenISIS_f inherits the ISIS_f framework to generically generate constructions for several primitives.

Formal Definition

GenISIS_f

Let $(n, m, d, q, β, k, s)$ be public parameters, matrix $𝐀 \in ℛ_{q}^{n \times m}$ be chosen uniformly at random, $f$ be a keyed function $f : 𝒦 \times D \to ℛ_{q}^{n}$ , and $χ$ be a distribution over $D$ . The challenger chooses a key $κ \leftarrow 𝒦$ uniformly and generates $k$ hints $(x_{i}, 𝐬_{i})$ in the following way.

$x_{i} \leftarrow χ$
$𝐬_{i} \leftarrow 𝐀_{s}^{- 1} (f (κ, x_{i}))$

Given the matrix $𝐀$ , the key $κ$ , and the set of hints ${(x_{i}, 𝐬_{i})}_{i \in [k]}$ , the adversary is asked to find a new tuple $(x^{*}, 𝐬^{*}) \in D \times ℛ^{m}$ satisfying $𝐀 \cdot 𝐬^{*} = f (κ, x^{*}) mod q \land 0 < ‖ 𝐬^{*} ‖ \leq β \land (x^{*}, 𝐬^{*}) \notin {(x_{i}, 𝐬_{i})_{i \in [k]}} .$

Intuition. Compared to ISIS_f, GenISIS_f allows hints to be chosen from any distribution $χ$ over $D$ instead of them needing to uniformly distributed over $[N]$ . Otherwise, GenISIS_f does not rely on a statically chosen function $f$ , but a keyed function - or a family of functions, of which a specific function is chosen at runtime.

Interactive GenISISf

Let $(n, m, d, ℓ_{m}, ℓ_{r}, q, β_{s}, β_{m}, s)$ be public parameters, matrices $𝐀 \in ℛ_{q}^{n \times m}, 𝐂 \in ℛ_{q}^{n \times (ℓ_{m} + ℓ_{r})}$ be chosen uniformly at random, $f$ be a keyed function $f : 𝒦 \times D \to ℛ_{q}^{n}$ , $χ$ be a distribution over $D$ , $ℳ = \emptyset$ , and a uniformly chosen key $κ \in 𝒦$ . Given the matrices $𝐀, 𝐂$ , and the key $κ$ , an adversary is able to query an oracle $O_{pre}$ adaptively, which on input $𝐦 \in ℛ^{ℓ}$ proceeds as follows.

if $‖ 𝐦 ‖ > β_{m}$ then return $⊥$
$x \leftarrow χ$
$𝐬 \leftarrow 𝐀_{s}^{- 1} (f (x) + 𝐂 \cdot 𝐦)$
$ℋ \leftarrow ℋ \cup {x, 𝐬, 𝐦}$
return $(x, 𝐬)$

An adversary is asked to find a new tuple $(x^{*}, 𝐬^{*}, 𝐦^{*})$ satisfying $(x^{*}, 𝐬^{*}, 𝐦^{*}) \notin ℋ \land 𝐀 \cdot 𝐬^{*} = f (x^{*}) + 𝐂 \cdot 𝐦 \land 0 < ‖ 𝐬^{*} ‖ \leq β_{s} \land ‖ 𝐦^{*} ‖ \leq β_{m} .$

Intuition. Compared to the interactive version of ISIS_f, interactive GenISIS_f introduces a "strong unforgeability" flavour.

Hardness of GenISIS_f and its interactive version

Dubois et al.^[1] provide a translation of Theorem 3.3 to GenISIS_f provided by Bootle et al.^[2], which states that interactive ISIS_f is at least as hard as ISIS_f.

Otherwise, the authors^[1] show in Theorem 7 that GenISIS_f is equivalent to the sEUF-RMA experiment for vSIS-based signatures, which are introduced in the same work.

Constructions based on GenISIS_f

Bootle et al.^[2] provide a framework to generically build the following constructions from any interactive ISIS_f instance. As any ISIS_f instance is also a GenISIS_f instance, GenISIS_f inherits this framework.

Signatures^[2]
Group signatures^[2]
Blind signatures^[2]^[3]
Anonymous credentials^[2]^[3]

Related Assumptions

References

↑ ^1.0 ^1.1 ^1.2 Dubois, A., Klooß, M., Lai, R.W. and Woo, I.K. Lattice-based proof-friendly signatures from vanishing short integer solutions. IACR International Conference on Public-Key Cryptography. Cham: Springer Nature Switzerland, 2025.
↑ ^2.0 ^2.1 ^2.2 ^2.3 ^2.4 ^2.5 ^2.6 Bootle, J., Lyubashevsky, V., Nguyen, N.K. and Sorniotti, A. A framework for practical anonymous credentials from lattices. Annual International Cryptology Conference. Cham: Springer Nature Switzerland, 2023.
↑ ^3.0 ^3.1 Lyubashevsky, Vadim, Gregor Seiler, and Patrick Steuer. The LaZer library: Lattice-based zero knowledge and succinct proofs for quantum-safe privacy. Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. 2024.

[:2-1] 1.0 ^1.1 ^1.2 Dubois, A., Klooß, M., Lai, R.W. and Woo, I.K. Lattice-based proof-friendly signatures from vanishing short integer solutions. IACR International Conference on Public-Key Cryptography. Cham: Springer Nature Switzerland, 2025.

[:0-2] 2.0 ^2.1 ^2.2 ^2.3 ^2.4 ^2.5 ^2.6 Bootle, J., Lyubashevsky, V., Nguyen, N.K. and Sorniotti, A. A framework for practical anonymous credentials from lattices. Annual International Cryptology Conference. Cham: Springer Nature Switzerland, 2023.

[:1-3] 3.0 ^3.1 Lyubashevsky, Vadim, Gregor Seiler, and Patrick Steuer. The LaZer library: Lattice-based zero knowledge and succinct proofs for quantum-safe privacy. Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. 2024.

[1]

[2]

[3]