Title:
QUANTUM-RESISTANT LATTICE-BASED ACCOUNTABLE SUBGROUP MULTI-SIGNATURE SCHEME
Document Type and Number:
WIPO Patent Application WO/2024/063742
Kind Code:
A1
Abstract:
The invention relates to a method comprising a quantum-resistant lattice-based accountable subgroup multi-signature scheme.

Inventors:
AGIRTAS AHMET RAMAZAN (TR)
YAYLA OGUZ (TR)
Application Number:
PCT/TR2023/051008
Publication Date:
March 28, 2024
Filing Date:
September 21, 2023
Assignee:
ORTA DOGU TEKNIK UNIV (TR)
International Classes:
H04L9/32
Other References:
AHMET RAMAZAN AĞIRTAŞ ; OĞUZ YAYLA: "Pairing-based Accountable Subgroup Multi-signatures with Verifiable Group Setup", IACR, 6 January 2022 (2022-01-06), pages 1 - 15, XP061069962
FUKUMITSU MASAYUKI, HASEGAWA SHINGO: "Tighter Reduction for Lattice-Based Multisignature", IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS, COMMUNICATIONS AND COMPUTER SCIENCES, vol. E104.A, no. 12, 1 December 2021 (2021-12-01), JP , pages 1685 - 1697, XP093155705, ISSN: 0916-8508, DOI: 10.1587/transfun.2020EAP1131
MIKE REITER: "Accountable-subgroup multisignatures : extended abstract", PROCEEDINGS OF THE 8TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 5 November 2001 (2001-11-05), New York, NY, USA, pages 245 - 254, XP093155747
SHIVAKUMARA PALAIAHNAKOTE; GABRIELLA SANTINNI DI BAJA; LIANG WANG; WEI QI YAN: "Topics in cryptology - CT-RSA 2020 : the Cryptographers' Track at the RSA Conference 2020, San Francisco, CA, USA, February 24-28, 2020", vol. 3, 20 November 2020, SPRINGER, article FUKUMITSU MASAYUKI; HASEGAWA SHINGO: "A Lattice-Based Provably Secure Multisignature Scheme in Quantum Random Oracle Model", pages: 45 - 64, XP047570613, DOI: 10.1007/978-3-030-62576-4_3
EMURA KEITA, MIZUKI TAKAAKI, FUKUMITSU MASAYUKI, HASEGAWA SHINGO: "A Tightly-Secure Lattice-Based Multisignature", PROCEEDINGS OF THE 6TH ON ASIA PUBLIC-KEY CRYPTOGRAPHY WORKSHOP, 2 July 2019 (2019-07-02), New York, NY, USA, pages 3 - 11, XP093155778
GARAY JUAN A.: "Public-Key Cryptography – PKC 2021 : 24th IACR International Conference on Practice and Theory of Public Key Cryptography, Virtual Event, May 10–13, 2021, Proceedings, Part I", 1 January 2021, SPRINGER INTERNATIONAL PUBLISHING, Cham, ISBN: 978-3-030-75245-3, article IVAN DAMGARD , CLAUDIO ORLANDI , AKIRA TAKAHASHI, MEHDI TIBOUCHI: "Two-Round n-out-of-n and Multi-signatures and Trapdoor Commitment from Lattices", pages: 99 - 130, XP093155789, DOI: 10.1007/978-3-030-75245-3_5
Attorney, Agent or Firm:
YALCINER, Ugur G. (YALCINER PATENT & CONSULTING LTD.) (TR)
Claims:
CLAIMS

1. A computer-based method comprising a quantum-resistant lattice-based accountable subgroup multi-signature scheme, characterized in that it comprises the following process steps;
● In the key generation phase, the secret and public key pairs are generated based on the quantum-resistant problems Module-LWE problem (module-learning with errors problem) and Module-SIS (module-short integer solution problem) problems,
● In the group setup phase, each user in the group consisting of n potential signers participates in the group setup phase and in this protocol; randomly selecting a secret polynomial, the constant term of which is the secret key, calculating the individual commitment set, calculating the shares, sending the individual commitment set and shares to other users, calculating the raw membership key, calculating the commitment set of the group, performing consistency checks of the group commitment set with the raw membership key, if one of the checks is not satisfied, selecting a new polynomial to provide a new group setup by aborting the protocol, starting the protocol from the beginning, normalizing the raw membership key and calculating the membership key if checks are satisfied, publishing the group commitment set and the normalizing vector set,
● Calculation of individual trapdoor commitments using randomly sampled values in the signature generation phase, sending individual trapdoor commitments to all users in the subgroup ( ) of the group of potential signers of n parties, calculation of the aggregated trapdoor commitment to be used in the individual signature, calculation of individual signatures, application of "rejection sampling" procedure to individual signatures, recalculation of individual signatures if valid signature could not be generated as a result of "rejection sampling", calculation of aggregated signature if valid signature was generated as a result of "rejection sampling",
● During the verification phase, any verifier given public parameters, subgroup information , message, aggregated signature, group commitment set, and normalizing vector set shall perform trapdoor commitment verification by calculating individual message hashes for all users in the subgroup and verifying that the signature norm is below the norm bound given in the public parameters.

2. A method according to Claim 1, characterized in that the process steps are as follows;
a. In the key generation phase: Each th user in group receiving }):
(i) Choosing a random matrix,
(ii) Calculating the hash of the selected matrix and its index, and sending the and value to the th user,
(iii) Sending the selected matrix to the th user after receiving the values from the th user.
(iv) After receiving the matrix from the th user
● If for any th user, aborting the protocol and notifying everyone that it has been aborted,
● In other cases, calculating the matrix and expanding it with k-dimensional identity matrix
(v) Randomly selecting two secret key components of length and k,
(vi) Calculating the public key by multiplying the secret key from the left by its matrix, ( = ),
(vii) Of th user, the secret key being and the public key is = ,
b. During the group setup phase: each user in group ;
(i) Selecting a random secret polynomial with coefficients and
(ii) By multiplying the coefficients of the selected polynomial from the left with its matrix one by one, calculating the individual commitment set.
(iii) Sending the pair to the th user.
(iv) After receiving the pair from the th user
● Calculating the raw membership key
● Calculation of the commitment set group,
● Performing the following checks:
- Checking whether each user is really using their own private key in group setup for commitment set,
- Checking whether the index of user i is consistent with the share sent by users j to user i for raw membership
If one of these checks is not satisfied, aborting the protocol, notifying everyone that it has been aborted and start the group setup by selecting a new polynomial from the beginning,
● If the checks are satisfied, in order to normalize the raw membership key, for and , with coefficients in the range, randomly choosing the following vector,
● Calculating the membership key and publishing the pair
c. In the signature generation phase: Let the set of public keys be and the message to be signed , every th user;
(i) Calculating the commitment key, ,
(ii) Selecting a random and calculating the value ,
(iii) Calculating the individual commitment with a random value,
(iv) Sending its individual commitment to every th user in the subgroup ,
(v) After receiving the commitments from the th user in subgroup , calculating the aggregated commitment,
(vi) Calculating a hash of the message to be signed and the other parameters,
(vii) Creating the individual signature by signing the calculated hash with the membership key,
(viii) Running the "rejection sampling" procedure with the as input , and sending the valid signature, that is the pair that it generated, to other users, with probability , and if the valid signature could not be obtained as a result of the "rejection sampling" procedure, returning to (ii) and restarting,
(ix) If restart information is received from any user, returns to (ii) and restarts, if individual signatures are received from other users in the subgroup , calculating the aggregated signature as follows:
● For all users in subgroup , reconstructing values,
● performing checks,
● aborting the protocol and informing everyone that it has been aborted if the above checks have not been satisfied for any of ,
● Otherwise, calculating
(x) If the protocol has not been aborted, the accountable subgroup multi-signature of subgroup S is the triplet ).
d. Verification phase: any user, whose public parameters }) and information are provided, verifying vMS2 multi-signature as follows:
(i) Calculating individual message hashes for all users in subgroup
(ii) If and , accepting the signature
(iii) Rejecting otherwise.

Description:
DESCRIPTION

QUANTUM-RESISTANT LATTICE-BASED ACCOUNTABLE SUBGROUP MULTI-SIGNATURE SCHEME

TECHNICAL FIELD

The invention relates to a method comprising a quantum-resistant lattice-based accountable subgroup multi-signature scheme.

STATE OF THE ART (BACKGROUND)

In public-key cryptosystems (including signatures), security is based on difficult math problems called one-way functions. This difficulty refers to a level of difficulty that cannot be exploited with classical computer systems. However, when it comes to quantum computing, the same degree of difficulty of the problems in question cannot be mentioned. Although its practical applications have not yet become widespread, quantum-computers will replace classical computers in the coming years. There are also companies that declare that they are already producing quantum computers. However, it is very important to move the existing cryptographic systems to the quantum-resistant area before quantum-computing systems become widespread.

Since multiple signatures will need to be used in the quantum-resistant domain, signature schemes with properties such as quantum-resistance, accountability, and flexible number of signers will be needed. There are many accountable subgroup multi-signature schemes (ASM) in the known state of the art. However, there is no ASM scheme in the literature that is quantum resistant, accountable and has a flexible number of signers. The multi-signature and other related definitions in the literature are listed below.

1. A multi-signature is a type of digital signature in which a group of signers sign the same message together. There are some concepts in the literature related to multi-signatures for different scenarios such as group signatures, threshold signatures, aggregate signatures and accountable subgroup multi-signatures.
a. A group signature includes a group of potential signers where any group member can anonymously sign message on behalf of the entire group . In fact, this signature is not exactly an anonymous signature. Because there is a group manager who knows the identities of all signers in the group . In addition, no more than one signer can sign a group signature at a time. A threshold signature, on the other hand, is a type of multi-signature that requires any t signers within the group to create a legitimate signature on behalf of the group of n potential signers. It provides anonymity, that is, the identities of the signers cannot be known by the verifier. Therefore, it has no accountability feature. There is also a more general concept called aggregate signature, which allows different signatures created on different messages to be aggregated in a single signature. As can be understood from the definitions given above, neither group signatures, threshold signatures nor aggregate signatures provide sufficient flexibility and accountability at the same time.
b. Accountable subgroup multi-signature (ASM) is a type of multi-signature that allows each member to be responsible for the resulting signature by signing a message m together of any subgroup of the group of n potential signers. In the literature, there are three types of ASM schemes based on DLP (discrete logarithm problem) and DHP (Diffie-Hellman problem). None of the existing schemes are quantum-resistant.

BRIEF DESCRIPTION AND OBJECTS OF THE INVENTION

The present invention relates to a computer-based method comprising a quantum-resistant lattice-based accountable subgroup multi-signature scheme in order to eliminate the above-mentioned disadvantages and to bring new advantages to the related technical field.
The invention was developed by creating a new ASM scheme (vMS2) using the MS2 scheme, which is a lattice-based multi-signature scheme based on the Module-LWE problem (module-learning with errors problem) and the Module-SIS problem (module-short integer solution problem). Therefore, with the invention, a vMS2 scheme was created by adding accountability to the MS2 multi-signature algorithm. With vMS2, an accountable subgroup multi-signature scheme resistant to quantum computers was revealed. There is no quantum-resistant ASM scheme in the literature so far. In this respect, since the vMS2 scheme is the first quantum-resistant ASM scheme in the literature, there is no other scheme that can be compared. Its difference from the existing classical ASM schemes is that it is quantum-resistant.

In the vMS2 scheme, if the number of signers is fixed in advance, it is an accountable threshold signature. In this case, the threshold signature is also quantum-resistant. That is to say, only one ASM scheme is presented in the present form of the invention. However, by adding this minimum number of signers requirement, the ASM scheme turns into an accountable threshold signature scheme.

As it is known, digital signatures are used not only in document signing, but also in many fields such as financial transactions, authentication, electronic voting, blockchain technologies, etc. To give an example, the digital signatures of the following must be validated:
- If money is to be transferred from an account, the person(s) authorized to make the transfer
- If a remote-controlled weapon system is to be fired, the person(s) authorized to initiate firing,
- If a vote is to be taken, the person(s) authorized to vote,
- etc.
In this context, qualifications such as quantum-resistance, accountability and the flexible number of signers offered by the invention vMS2 can be used to meet the needs that may arise in many areas, from military technologies to space and aviation technologies, from banking/financial technologies to medical technologies, in short, in all sectors where digital signatures are used.

DETAILED DESCRIPTION OF THE INVENTION

In this detailed description, the novelty of the invention is explained only with examples that will not have any limiting effect for a better understanding of the subject matter.

The present invention relates to a computer-based method comprising a quantum-resistant lattice-based accountable subgroup multi-signature scheme. Detailed information about the method is described below.

Module-SIS problem (module-short integer solution problem) and Module-LWE problem (module-learning with errors problem) definitions, verifiable secret sharing scheme (VSS) and MS2 signature scheme definitions used in the stages of the invention are presented.

1. Assumptions: The following are some definitions, general assumptions used in the schemes, and general information about the notation used:
● Assume the group is a set of users.
● Let q be a prime, an ideal polynomial ring, and an 2N-th cyclotomic polynomial.
● Let be a subset of polynomials whose coefficients are smaller than . ( )
● denotes that ( ) vector a with elements is randomly sampled from a normal distribution D with standard deviation s∈R. (The $ symbol indicates that the sampling is randomly performed) Suppose that random selections other than this are sampled from a uniform distribution.
● We will write ring elements in lowercase letters, and column vectors of ring elements in bold lowercase letters: for example, and .
● Let be a ring element, the norms of are calculated as follows: - -
● Similarly, the norms of the column vector consisting of ring elements are calculated as: - -

Below are the definitions of the Module-SIS problem (module-short integer solution problem) and the Module-LWE problems (module-learning with errors problem).

Module-SIS Problem: Let , and be a prime, an ideal polynomial ring, and an 2N-th cyclotomic polynomial. Given a random matrix , find a vector that satisfies the following conditions:

Module-LWE Problem: Let , be a prime, an ideal polynomial ring, where is an 2N-th cyclotomic polynomial and be a subset of polynomials whose coefficients are smaller than . Given a random pair, decide whether this pair is randomly selected from or obtained by calculating

Regarding the symbol definitions, the t refers to the public key. While t used for the threshold value is written as normal, t is expressed in bold font symbolizing the public key.

Below is the definition of Verifiable Secret Sharing (VSS).

2. Verifiable Secret Sharing Schema (VSS): Suppose a dealer wants to share a secret value to the users in the group . Let be our threshold. Assume that the definitions of A , are as given above.
● The dealer shares a secret as follows.
(i) Selects a polynomial with degree (t-1): where all , distinct and non-zero, and secret to be shared.
(ii) calculates a set of commitments from the coefficients of the polynomial:
● sends the pair to the i th user for .
● Users verify their shares with the equation whether their shares are consistent with the shared secret and their own identities. If verification is satisfied, it means that the right share is sent to the right user.
● If any t or more users combine their shares, they can correctly form the polynomial f(x) with Lagrange interpolation. Thus, f(0) gives the shared secret value.
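
The dealing, commitment, share-verification and interpolation steps of the VSS definition above, as an added Python example that is not part of the patent text. It assumes plain integer vectors modulo q in place of ring elements, uniformly random non-constant coefficients, commitments of the form C_k = A·a_k, and the verification equation A·f(i) = Σ i^k·C_k; the modulus, the sample matrix and all function names are constructed for illustration.

```python
import secrets

Q = 8380417  # constructed prime modulus; the page only requires q to be prime


def expand_with_identity(a_bar):
    """Return [A' | I_k], the random matrix expanded with the k x k identity."""
    k = len(a_bar)
    return [row + [int(r == c) for c in range(k)] for r, row in enumerate(a_bar)]


def mat_vec(A, v, q=Q):
    """Left-multiply vector v by matrix A modulo q."""
    return [sum(a * x for a, x in zip(row, v)) % q for row in A]


def eval_poly(coeffs, x, q=Q):
    """Evaluate f(x) = a_0 + a_1 x + ... (vector coefficients) by Horner's rule."""
    out = [0] * len(coeffs[0])
    for c in reversed(coeffs):
        out = [(o * x + ci) % q for o, ci in zip(out, c)]
    return out


def deal(A, secret, t, n, q=Q):
    """Dealer side: degree-(t-1) polynomial with f(0) = secret, commitments, shares."""
    coeffs = [[s % q for s in secret]]
    coeffs += [[secrets.randbelow(q) for _ in secret] for _ in range(t - 1)]
    commitments = [mat_vec(A, c, q) for c in coeffs]  # assumed form: C_k = A * a_k
    shares = {i: eval_poly(coeffs, i, q) for i in range(1, n + 1)}
    return commitments, shares


def verify_share(A, i, share, commitments, q=Q):
    """User side: accept iff A * share == sum_k i^k * C_k (assumed check)."""
    expected = [0] * len(commitments[0])
    for k, c_k in enumerate(commitments):
        w = pow(i, k, q)
        expected = [(e + w * c) % q for e, c in zip(expected, c_k)]
    return mat_vec(A, share, q) == expected


def reconstruct(shares, q=Q):
    """Lagrange interpolation at x = 0 from a dict {index: share}."""
    out = [0] * len(next(iter(shares.values())))
    for i, s_i in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % q
                den = den * (i - j) % q
        lam = num * pow(den, -1, q) % q
        out = [(o + lam * s) % q for o, s in zip(out, s_i)]
    return out


def demo():
    A = expand_with_identity([[3, 5, 8], [7, 11, 13]])  # constructed 2 x 5 matrix
    secret = [1, 0, Q - 1, 2, 1]                         # constructed secret vector
    commitments, shares = deal(A, secret, t=3, n=5)
    tampered = shares[2][:-1] + [(shares[2][-1] + 1) % Q]
    return {
        "all_valid": all(verify_share(A, i, s, commitments) for i, s in shares.items()),
        "tampered_ok": verify_share(A, 2, tampered, commitments),
        "wrong_index_ok": verify_share(A, 3, shares[2], commitments),
        "recovered": reconstruct({i: shares[i] for i in (1, 3, 5)}) == secret,
    }


if __name__ == "__main__":
    print(demo())
```

The matrix A is wider than it is tall, so this check binds a share only up to the kernel of A; the example does not model the norm bounds that the lattice setting relies on.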

In the invention, only the sharing and commitment phases of the VSS are used in the vMS2 scheme, and the phase of reconstruction of the secret value is not used.

The definition and phases of the MS2 Multi-signature Scheme are described below.

3. MS2 Multi-Signature Scheme:
a. Assumptions: long binary sequences, where the length of should be sufficient to ensure the security.
(iii) Let distribution be a distribution in which the randomly sampled value is sampled to be used in the additively homomorphic trapdoor commitment scheme.
(iv) assume that be the key and Commit and Open functions of an additively homomorphic trapdoor commitment scheme belong to this scheme and that the input/outputs are as follows.
b. Key generation phase: The th user who receives the public parameters proceeds as follows:
(i) Selects a random matrix ,
(ii) Calculates the hash of the selected matrix and its index, and sends the value to the th user.
(iii) Sends the selected matrix to the th user after receiving the values from the th user.
(iv) After receiving the matrix from the th user
● If for any user , aborts the protocol and informs everyone that it has aborted.
● Otherwise, it calculates the matrix and expands it with the identity matrix, is one of the public parameters which defines the size of the where key, and I is the identity matrix.
(v) Selects a random secret key,
(vi) Calculates the public key, =
(vii) th user's secret key is and public key is =
c. Signature generation phase: The th user generates the signature as follows. Let the set of public keys be and the message to be signed .
(i) Calculates the commitment key, ,
(ii) Selects a random and calculates the value,
(iii) Calculates the commitment value, (with a random
(iv) Sends the commitment to other users.
(v) Calculates the aggregated commitment of the group after receiving the commitments
(vi) Calculates a hash of the message to be signed and the other parameters,
(vii) Computes the individual signature,
(viii) Runs the "Rejection Sampling" procedure with the ( as input and sends the valid signature, that is the pair it generated, to other users, with the following probability If the valid signature cannot be obtained as a result of the "Rejection Sampling" procedure, it returns to (ii) and restarts.
(ix) If restart information has been received from any user, it will return to (ii) and restart. If individual signatures are received from other users, it calculates the aggregated signature as follows:
● Calculates the values for all users .
● Performs the and checks. Here, B represents the upper bound for the norm of the signature. It is in the public parameters.
● If the above checks are not satisfied for any , it aborts the protocol and informs everyone that it has aborted.
● If all checks are satisfied, computes the aggregated signature , and
(x) If the protocol is not aborted, multi-signature is triplet .
d. Verification phase: Anyone who receives the public parameters }) and information verifies the multi-signature as follows:
(i) Calculates individual message hashes and reconstructs the , it accepts the signature.
(iii) Rejects otherwise.

vMS2: Quantum-Resistant Lattice-Based Accountable Subgroup Multi-Signature Scheme

The difficult problems that the invention is based on, and that makes the invention quantum resistant, are the Module-LWE and Module SIS assumptions.

The same assumptions of the MS2 multi-signature scheme described above and the same notation are used in the following description. In addition, let's assume that there is users signing out of users here. ( )

a. Key generation phase: Each th user in group receiving public parameters proceeds as follows:
(i) Selects a random matrix ,
(ii) Calculates the hash of the selected matrix and its index and sends values to the th user.
(iii) Sends the selected matrix to the th user after receiving the values from the th user.
(iv) After receiving the matrix from the th user
● for any user , aborts the protocol and informs everyone that it has aborted.
● Otherwise, it calculates the matrix and extends it with the k-dimensional identity matrix .
(v) Randomly selects two secret key components of length and k, ,
(vi) Calculates the public key by multiplying the secret key from the left by its matrix,
(vii) is the secret key and the public key of the th user is = pair.
b. Group setup phase: each th user in the group participates in the following group setup protocol:
(i) Selects a random secret polynomial with coefficients and
(ii) By multiplying the coefficients of the selected polynomial from the left with its matrix one by one, it calculates the individual commitment set
(iii) Sends the pair to the th user.
(iv) after receiving the pair from the th user
● Calculates the raw membership key ,
● Calculates the commitment set of the group
● Performs the following checks;
- (It is the control of whether each user really uses their own secret key in group setup for commitment set.)
- (It is the control of whether the index of user i is consistent with the share sent by j users for raw membership key.)
If one of these checks is not satisfied, it aborts the protocol. It informs everyone that it has aborted and starts the group setup from the very beginning by selecting a new polynomial.
● If the checks are satisfied, in order to normalize the raw membership key, for and , with coefficients in the range, it chooses the following vector ,
● Calculates the membership key and publishes the pair.
c. Signature generation phase: The th user generates the signature as follows. Let be the set of public keys and be the message to be signed.
(i) Calculates the commitment key, ,
(ii) Selects a random and calculates the value,
(iii) Calculates its individual commitment with a random
(iv) Sends its individual commitment to every th user in the subgroup .
(v) After receiving the commitments from the th user in subgroup , calculates the aggregated commitment,
(vi) Calculates a hash of the message to be signed and the other parameters,
(vii) Creates the individual signature by signing the calculated hash with the membership key,
(viii) Runs the "Rejection Sampling" procedure with the as input and sends the valid signature, that is the pair that it generated, to other users, with the following probability, If the valid signature cannot be obtained as a result of the "Rejection Sampling" procedure, it returns to (ii) and restarts. Here, D means normal distribution, M is the public parameter for Rejection Sampling.
(ix) If restart information has been received from any user, it will return to (ii) and restart. If individual signatures are received from other users in the subgroup , it calculates the aggregated signature as follows:
● for all users in subgroup the values are reconstructed.
● Performs checks.
● If the above checks are not satisfied for any , it aborts the protocol and informs everyone that it has aborted.
● Otherwise, are calculated.
(x) If the protocol has not been aborted, the accountable subgroup multi-signature of subgroup S is the triplet ) .
d. Verification phase: any user given public parameters and information, verifies vMS2 multi-signature as follows:
(i) Calculates individual message hashes for all users in subgroup and , accepts the signature.
(iii) Rejects otherwise.

Based on the detailed information above, the invention is a computer-based method comprising a quantum-resistant lattice-based accountable subgroup multi-signature scheme, characterized in that it comprises the following;
● In the key generation phase, the secret and public key pairs are generated based on the quantum-resistant problems Module-LWE and Module-SIS,
● In the group setup phase, each user in the group consisting of n potential signers participates in the group setup phase and in this protocol; randomly selecting a secret polynomial, the constant term of which is the secret key, calculating the individual commitment set, calculating the shares, sending the individual commitment set and shares to other users, calculating the raw membership key, calculating the commitment set of the group, performing consistency checks of the group commitment set with the raw membership key, if one of the checks is not satisfied, selecting a new polynomial to provide a new group setup by aborting the protocol, starting the protocol from the beginning, normalizing the raw membership key and calculating the membership key if checks are satisfied, publishing the group commitment set and the normalizing vector set,
● Calculating individual trapdoor commitments using randomly sampled values in the signature generation phase, sending individual trapdoor commitments to all users in the subgroup ( ) of the group of potential signers of n persons, calculating the aggregated trapdoor commitment to be used in the individual signature, calculating the individual signatures, running the "Rejection Sampling" procedure to individual signatures, recalculating individual signatures if a valid signature cannot be generated as a result of "Rejection Sampling", calculating the aggregated signature if a valid signature is generated as a result of "Rejection Sampling",
● During the verification phase, any verifier given public parameters, subgroup information , message, aggregated signature, group commitment set, and normalizing vector set shall perform trapdoor commitment verification by calculating individual message hashes for all users in the subgroup and verifying that the signature norm is below the norm bound given in the public parameters.