We consider the multi-user security under the adaptive corruptions and key leakages (MUc&l security) for lattice-based signatures. There already exists an MUc&l secure signature based on a number-theoretic assumption, or a leakage-resilient lattice-based signature in the single-user setting. However, MUc&l secure lattice-based signature is not known. We examine the existing lattice-based signature schemes from the viewpoint of MUc&l security. We find that the security of the Lyubashevsky’s signature, which is proven to have the ordinary single-user security only, can be extended to the multi-user security even if we take into account the adaptive corruptions and the key leakages. Our security proof in the multi-user setting makes use of the feature of the SIS problem so that a SIS instance is set to the public parameter and a reduction algorithm can set a public key with a secret key in order to answer a corruption query. We also show that the entropy of the secret key is kept under the bounded leakage with a high probability and then the leakage resilience of signature holds. Copyright © 2026 The Institute of Electronics, Information and Communication Engineers.

Aggregate signatures without the bilinear map is a challenging and important problem in aspects of both practical and theoretical cryptology. In order to construct an aggregate signature which does not use the bilinear map, it is general to restrict some functionality of aggregate signatures or to employ strong cryptographic assumptions. The aggregate signature with the pre-communication (ASwPC) is one of the variants of aggregate signatures to achieve the security from a standard cryptographic assumption without the bilinear map. The ASwPC requires signers to interact with each other to share a temporary randomness before they determine their messages to be signed. After the pre-communication, each signer can start the signing process individually. An instantiation of ASwPC is given based on the discrete logarithm (DL) assumption, and its security is proven in the random oracle and the knowledge of secret key (KOSK) model via a loose security reduction. In this paper, we aim to construct a new ASwPC scheme whose security is proven via a tight security reduction. We employ the DDH assumption rather than the DL assumption. The combination of the property of the decisional assumption and that of the KOSK model enables us to apply the lossy key technique even in the case of ASwPC. Then we can prove the security of our scheme with a tight security reduction. Copyright © 2025 The Institute of Electronics, Information and Communication Engineers.