Practical verifiably encrypted signature based on Waters signatures

Waters proposed the first efficient signature scheme that is known to be existentially unforgeable under the standard computational Diffie-Hellman assumption without random oracles. Lu et al. then proposed the first verifiably encrypted signature (VES) scheme based on Waters signatures. However, the security proofs of Lu et al.'s scheme and of several other VES schemes are built on the certified-key model, in which the adjudicator's key pair is chosen by the simulator rather than by the forger. This requires the adjudicator to be honest enough never to forge signatures, and in the real world it is hard for users to find such a trusted third party. In this study, the authors first show that Lu et al.'s VES is not secure in the chosen-key model by presenting a rogue-key attack. They then present the first VES scheme based on Waters signatures that is secure in the chosen-key model, where two inside adversaries, a malicious adjudicator and a malicious verifier, are granted more power than in previous models.
