Abstract— Energy-efficient proof-of-stake (PoS) consensus protocols in blockchain have gained much attention from academia
and industry recently. Despite their potential advantages, PoS
protocols have not been extensively deployed in the existing digital
currency market due to inherent security concerns, e.g., long-range attacks. Such attacks enable an adversary to rewrite the
entire transaction history of a blockchain, severely compromising
its immutability. Puncturable signatures provide an efficient
defence against long-range attacks that arise from secret key leakage.
More specifically, a signer can update the secret key with
chosen messages selectively, while the public key is unchanged.
Unfortunately, the existing puncturable signature schemes suffer
from either updating the public key repeatedly or large key sizes,
which makes them unsuitable for PoS protocols. To resolve these
drawbacks, we adopt a delegated approach to performing key
puncture operations and propose a generic puncturable signature
construction from delegated (key-policy) constrained signatures.
We present a concrete puncturable signature scheme over lattices
that is proven secure based on the short integer solution (SIS)
assumption in the standard model.