Verifiably Encrypted Signatures from RSA without NIZKs

Verifiably encrypted signature (VES) schemes allow a signer to encrypt a signature under the public key of a trusted party, the adjudicator, while maintaining public signature verifiability without interactive proofs. A popular application of this concept is fair online contract signing. This paper answers the question of whether it is possible to implement a VES without pairings and zero-knowledge proofs. Our construction is based on RSA signatures and a Merkle hash tree. Hence, the scheme is stateful but relies on relatively mild assumptions in the random oracle model. Thus, we provide an alternative that does not rely on pairing-based assumptions. The advantage of our approach over previous schemes is that widespread, efficient hardware and software implementations of hash functions and RSA signatures can be reused directly for VES, i.e., costly redevelopment can be avoided. Furthermore, in contrast to using non-interactive zero-knowledge proofs, we only need a constant, small number of modular exponentiations.
