Short Signatures From Weaker Assumptions

We provide constructions of (m,1)-programmable hash functions (PHFs) for m≥2. Mimicking certain programmability properties of random oracles, PHFs can, e.g., be plugged into the generic constructions by Hofheinz and Kiltz (J. Cryptol. 2011) to yield digital signature schemes from the strong RSA and strong q-Diffie-Hellman assumptions. As another application of PHFs, we propose new and efficient constructions of digital signature schemes from weaker assumptions, i.e., from the (standard, non-strong) RSA and the (standard, non-strong) q-Diffie-Hellman assumptions. The resulting signature schemes offer interesting tradeoffs between efficiency/signature length and the size of the public-keys. For example, our q-Diffie-Hellman signatures can be as short as 200 bits; the signing algorithm of our Strong RSA signature scheme can be as efficient as the one in RSA full domain hash; compared to previous constructions, our RSA signatures are shorter (by a factor of roughly 2) and we obtain a considerable efficiency improvement (by an even larger factor). All our constructions are in the standard model, i.e., without random oracles.

[1]  Kaoru Kurosawa,et al.  k-Resilient Identity-Based Encryption in the Standard Model , 2004, CT-RSA.

[2]  Mihir Bellare,et al.  Incremental Cryptography: The Case of Hashing and Signing , 1994, CRYPTO.

[3]  Xavier Boyen,et al.  Lattice Mixing and Vanishing Trapdoors A Framework for Fully Secure Short Signatures and more , 2010 .

[4]  Adi Shamir,et al.  On the generation of cryptographically strong pseudorandom sequences , 1981, TOCS.

[5]  Ronald Cramer,et al.  Signature schemes based on the strong RSA assumption , 2000, TSEC.

[6]  E. T. An Introduction to the Theory of Numbers , 1946, Nature.

[7]  David Chaum,et al.  An Improved Protocol for Demonstrating Possession of Discrete Logarithms and Some Generalizations , 1987, EUROCRYPT.

[8]  Tatsuaki Okamoto,et al.  Efficient Blind and Partially Blind Signatures Without Random Oracles , 2006, IACR Cryptol. ePrint Arch..

[9]  Yevgeniy Dodis,et al.  On the Generic Insecurity of the Full Domain Hash , 2005, CRYPTO.

[10]  Marc Fischlin The Cramer-Shoup Strong-RSASignature Scheme Revisited , 2003, Public Key Cryptography.

[11]  Shai Halevi,et al.  Secure Hash-and-Sign Signatures Without the Random Oracle , 1999, EUROCRYPT.

[12]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[13]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[14]  Brent Waters,et al.  Realizing Hash-and-Sign Signatures under Standard Assumptions , 2009, EUROCRYPT.

[15]  M. Kasahara,et al.  A New Traitor Tracing , 2002, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[16]  Paulo S. L. M. Barreto,et al.  Pairing-Friendly Elliptic Curves of Prime Order , 2005, Selected Areas in Cryptography.

[17]  Sanjit Chatterjee,et al.  Generalization of the Selective-ID Security Model for HIBE Protocols , 2006, Public Key Cryptography.

[18]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[19]  Hugo Krawczyk,et al.  Chameleon Signatures , 2000, NDSS.

[20]  Eike Kiltz,et al.  Chosen-Ciphertext Security from Tag-Based Encryption , 2006, TCC.

[21]  Dan Boneh,et al.  Efficient Lattice (H)IBE in the Standard Model , 2010, EUROCRYPT.

[22]  Giuseppe Ateniese,et al.  Identity-Based Chameleon Hash and Applications , 2004, Financial Cryptography.

[23]  Eike Kiltz,et al.  Practical Chosen Ciphertext Secure Encryption from Factoring , 2009, EUROCRYPT.

[24]  Marc Joye,et al.  A Practical and Tightly Secure Signature Scheme Without Hash Function , 2007, CT-RSA.

[25]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[26]  Georg Fuchsbauer,et al.  Signatures on Randomizable Ciphertexts , 2011, Public Key Cryptography.

[27]  P. Erdös,et al.  Families of finite sets in which no set is covered by the union ofr others , 1985 .

[28]  Eike Kiltz,et al.  Secure Hybrid Encryption from Weakened Key Encapsulation , 2007, CRYPTO.

[29]  Pooya Farshim,et al.  Generic Constructions of Identity-Based and Certificateless KEMs , 2008, Journal of Cryptology.

[30]  Abhi Shelat,et al.  Bounded CCA2-Secure Encryption , 2007, ASIACRYPT.

[31]  Qixiang Mei,et al.  Direct chosen ciphertext security from identity-based techniques , 2005, CCS '05.

[32]  Mihir Bellare,et al.  The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin , 1996, EUROCRYPT.

[33]  Shouhuai Xu,et al.  Key-Insulated Public Key Cryptosystems , 2002, EUROCRYPT.

[34]  Silvio Micali,et al.  Computationally Private Information Retrieval with Polylogarithmic Communication , 1999, EUROCRYPT.

[35]  Mihir Bellare,et al.  Simulation without the Artificial Abort: Simplified Proof and Improved Concrete Security for Waters' IBE Scheme , 2009, EUROCRYPT.

[36]  Jung Hee Cheon,et al.  Security Analysis of the Strong Diffie-Hellman Problem , 2006, EUROCRYPT.

[37]  Eike Kiltz,et al.  Programmable Hash Functions and Their Applications , 2008, CRYPTO.

[38]  Eike Kiltz,et al.  Direct chosen-ciphertext secure identity-based key encapsulation without random oracles , 2009, Theor. Comput. Sci..

[39]  David Cash,et al.  Bonsai Trees, or How to Delegate a Lattice Basis , 2010, EUROCRYPT.

[40]  Yevgeniy Dodis,et al.  On the (In)Security of RSA Signatures , 2011, IACR Cryptol. ePrint Arch..

[41]  Sven Schäge,et al.  Tight Proofs for Signature Schemes without Random Oracles , 2011, EUROCRYPT.

[42]  Godfrey H. Hardy,et al.  An introduction to the theory of numbers (5. ed.) , 1995 .

[43]  Silvio Micali,et al.  On-line/off-line digital signatures , 1996, Journal of Cryptology.

[44]  Jörg Schwenk,et al.  A CDH-Based Ring Signature Scheme with Short Signatures and Public Keys , 2010, Financial Cryptography.

[45]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[46]  Eike Kiltz,et al.  Practical Chosen Ciphertext Secure Encryption from Factoring , 2009, Journal of Cryptology.

[47]  Craig Gentry,et al.  Trapdoors for hard lattices and new cryptographic constructions , 2008, IACR Cryptol. ePrint Arch..

[48]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[49]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[50]  David Cash,et al.  Bonsai Trees, or How to Delegate a Lattice Basis , 2010, Journal of Cryptology.

[51]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[52]  Dan Boneh,et al.  Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups , 2008, Journal of Cryptology.

[53]  Brent Waters,et al.  Short and Stateless Signatures from the RSA Assumption , 2009, CRYPTO.

[54]  Amit Sahai,et al.  Coding Constructions for Blacklisting Problems without Computational Assumptions , 1999, CRYPTO.

[55]  Dan Boneh,et al.  Secure Identity Based Encryption Without Random Oracles , 2004, CRYPTO.

[56]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.