Security of Verifiably Encrypted Signatures and a Construction without Random Oracles

In a verifiably encrypted signature scheme, signers encrypt their signature under the public key of a trusted third party and prove that they did so correctly. The security properties, due to Boneh et al. (Eurocrypt 2003), are unforgeability and opacity. This paper proposes two novel fundamental requirements for verifiably encrypted signatures, called extractability and abuse-freeness, and analyzes their effects on the established security model. Extractability ensures that the trusted third party is always able to extract a valid signature from a valid verifiably encrypted signature, and abuse-freeness guarantees that a malicious signer who cooperates with the trusted party is not able to forge a verifiably encrypted signature. We further show that neither property is covered by the model of Boneh et al. The second main contribution of this paper is a verifiably encrypted signature scheme, provably secure without random oracles, that is more efficient than the only other construction in the standard model, by Lu et al. (Eurocrypt 2006), and greatly improves on its public key size. Moreover, we present strengthened definitions for unforgeability and opacity in the spirit of strong unforgeability of digital signature schemes.

[1] Michael Wiener, et al. Advances in Cryptology — CRYPTO '99, 1999.

[2] Yevgeniy Dodis, et al. Optimistic Fair Exchange in a Multi-user Setting, 2007, J. Univers. Comput. Sci.

[3] Rafail Ostrovsky, et al. Sequential Aggregate Signatures and Multisignatures Without Random Oracles, 2006, EUROCRYPT.

[4] Paulo S. L. M. Barreto, et al. Pairing-Friendly Elliptic Curves of Prime Order, 2005, Selected Areas in Cryptography.

[5] Dan Boneh, et al. Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups, 2008, Journal of Cryptology.

[6] Rafail Ostrovsky, et al. Perfect Non-Interactive Zero Knowledge for NP, 2006, IACR Cryptol. ePrint Arch.

[7] Silvio Micali, et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks, 1988, SIAM J. Comput.

[8] Brent Waters, et al. Efficient Identity-Based Encryption Without Random Oracles, 2005, EUROCRYPT.

[9] Florian Hess, et al. On the security of the verifiably-encrypted signature scheme of Boneh, Gentry, Lynn and Shacham, 2004, Inf. Process. Lett.

[10] Thomas Johansson, et al. Progress in Cryptology - INDOCRYPT 2003, 2003, Lecture Notes in Computer Science.

[11] Robert H. Deng, et al. Efficient and practical fair exchange protocols with off-line TTP, 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[12] Aggelos Kiayias, et al. Traceable Signatures, 2004, EUROCRYPT.

[13] Serge Vaudenay, et al. Advances in Cryptology - EUROCRYPT 2006, 2006, Lecture Notes in Computer Science.

[14] Hovav Shacham, et al. Aggregate and Verifiably Encrypted Signatures from Bilinear Maps, 2003, EUROCRYPT.

[15] Aggelos Kiayias, et al. Polynomial Reconstruction Based Cryptography, 2001, Selected Areas in Cryptography.

[16] Markus Jakobsson, et al. Abuse-Free Optimistic Contract Signing, 1999, CRYPTO.

[17] Ronald Cramer, et al. Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings, 2005, EUROCRYPT.

[18] N. Asokan, et al. Optimistic fair exchange of digital signatures, 1998, IEEE Journal on Selected Areas in Communications.

[19] Reihaneh Safavi-Naini, et al. Efficient Verifiably Encrypted Signature and Partially Blind Signature from Bilinear Pairings, 2003, INDOCRYPT.

[20] Dan Boneh, et al. Short Signatures Without Random Oracles, 2004, EUROCRYPT.

[21] Ran Canetti, et al. The random oracle methodology, revisited, 2000, JACM.

[22] Tatsuaki Okamoto, et al. Public Key Cryptography - PKC 2007, 10th International Conference on Practice and Theory in Public-Key Cryptography, Beijing, China, April 16-20, 2007, Proceedings, 2007, Public Key Cryptography.