Duplication free public keys based on SIS-type problems

In the public key cryptography, we say that two public keys are duplicated if they share a private key in common. We point out that no duplicate public keys exist in the RSA public key scheme since there is a one-to-one correspondence between the set of problems and the set of solutions for integer factorization problem. Contrary to the integer factorization problem, there is no such one-to-one correspondence with Short Integer Solution (SIS)-type problems and this necessitates to study its effect on duplicate public keys of the schemes based on SIS. In this paper, we analyze the existence of duplicate public keys with four types of SIS problem: SIS, SIS with full rank solution set, basic Inhomogeneous SIS (ISIS), ISIS with the defining matrix A as a public parameter. As a result, we show that there is no provable way to exclude duplicate public keys of the schemes based on the basic SIS, basic ISIS, and SIS with a full rank solution set. However, we show that if A is given in the systematic form and the given set of solutions forms a matrix of rank (m−n) over Z_q, then it guarantees duplication free public keys. We also prove that the schemes based on ISIS with the matrix A as a public parameter always guarantee duplication free public keys.