Compact Structure-Preserving Signatures with Almost Tight Security

In structure-preserving cryptography, every building block shares the same bilinear groups. These groups must be generated for a specific, a priori fixed security level, and thus it is vital that the security reduction of all involved building blocks is as tight as possible. In this work, we present the first generic construction of structure-preserving signature schemes whose reduction cost is independent of the number of signing queries. Its chosen-message security is almost tightly reduced to the chosen-plaintext security of a structure-preserving public-key encryption scheme and the security of the Groth-Sahai proof system. Technically, we adapt the adaptive partitioning technique by Hofheinz (Eurocrypt 2017) to the setting of structure-preserving signature schemes. To achieve a structure-preserving scheme, our new variant of the adaptive partitioning technique relies only on generic group operations in the scheme itself. Interestingly, however, we will use non-generic operations during our security analysis. Instantiated over asymmetric bilinear groups, the security of our concrete scheme is reduced to the external Diffie-Hellman assumption with linear reduction cost in the security parameter, independently of the number of signing queries. The signatures in our schemes consist of a larger number of group elements than those in other non-tight schemes, but can be verified faster, assuming their security reduction loss is compensated by increasing the security parameter to the next standard level.
