Lattice-based message recovery signature schemes

The message recovery signature scheme is a very useful signature scheme in which the verification of signature does not require appended message, because the message can be easily recovered from the signature. Although message recovery signatures based on conventional number-theoretic problems have been achieved, it is still unknown whether message recovery signature can be implemented based on lattices, which are receiving considerable attention in cryptographic community since they are resistant to quantum computer's attacks. This paper provides a positive answer to the above question by presenting two concrete lattice-based message recovery signature schemes. The two schemes make use of the efficient lattice-based signature scheme recently created by Lyubashevsky and presented at EUROCRYPT 2012. Our constructions are proved to be secure in the random oracle model under the short integer solution assumption. Compared with Lyubashevsky signature scheme, our schemes are more efficient in terms of communication overhead.