Digital Signatures with Minimal Overhead from Indifferentiable Random Invertible Functions

In a digital signature scheme with message recovery, rather than transmitting the message m and its signature σ, a single enhanced signature τ is transmitted. The verifier is able to recover m from τ and at the same time verify its authenticity. The two most important parameters of such a scheme are its security and overhead |τ| − |m|. A simple argument shows that for any scheme with “n bits security” |τ| − |m| ≥ n, i.e., the overhead is lower bounded by the security parameter n. Currently, the best known constructions in the random oracle model are far from this lower bound requiring an overhead of n + logq h , where q h is the number of queries to the random oracle. In this paper we give a construction which basically matches the n bit lower bound. We propose a simple digital signature scheme with n + o(logq h ) bits overhead, where q h denotes the number of random oracle queries.

[1]  Noga Alon,et al.  Testing triangle-freeness in general graphs , 2006, SODA '06.

[2]  Mihir Bellare,et al.  Simulation without the Artificial Abort: Simplified Proof and Improved Concrete Security for Waters' IBE Scheme , 2009, EUROCRYPT.

[3]  Jonathan Katz,et al.  Efficiency improvements for signature schemes with tight security reductions , 2003, CCS '03.

[4]  Silvio Micali,et al.  Computationally Private Information Retrieval with Polylogarithmic Communication , 1999, EUROCRYPT.

[5]  Mihir Bellare Advances in Cryptology — CRYPTO 2000 , 2000, Lecture Notes in Computer Science.

[6]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[7]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[8]  Jean-Sébastien Coron,et al.  Merkle-Damgård Revisited: How to Construct a Hash Function , 2005, CRYPTO.

[9]  Eike Kiltz,et al.  Chosen Ciphertext Security with Optimal Ciphertext Overhead , 2008, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[10]  Ben Green Counting Sets With Small Sumset, And The Clique Number Of Random Cayley Graphs , 2005, Comb..

[11]  Victor Shoup Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings , 2005, CRYPTO.

[12]  Colin Boyd,et al.  Advances in Cryptology - ASIACRYPT 2001 , 2001 .

[13]  Jacques Verstraëte,et al.  A Note on Bipartite Graphs Without 2k-Cycles , 2005, Combinatorics, Probability and Computing.

[14]  Kazuki Yoneyama,et al.  Leaky Random Oracle , 2009, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[15]  Brent Waters,et al.  Lossy trapdoor functions and their applications , 2008, SIAM J. Comput..

[16]  Yevgeniy Dodis,et al.  Salvaging Merkle-Damgard for Practical Applications , 2009, IACR Cryptol. ePrint Arch..

[17]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[18]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[19]  Eike Kiltz,et al.  Digital Signatures with Minimal Overhead , 2012, IACR Cryptol. ePrint Arch..

[20]  Ueli Maurer,et al.  Indifferentiability, Impossibility Results on Reductions, and Applications to the Random Oracle Methodology , 2004, TCC.

[21]  Yannick Seurin,et al.  On the Public Indifferentiability and Correlation Intractability of the 6-Round Feistel Construction , 2011, IACR Cryptol. ePrint Arch..

[22]  Ueli Maurer,et al.  Advances in Cryptology — EUROCRYPT ’96 , 2001, Lecture Notes in Computer Science.

[23]  Moti Yung,et al.  A New Randomness Extraction Paradigm for Hybrid Encryption , 2009, EUROCRYPT.

[24]  Jean-Sébastien Coron,et al.  On the Exact Security of Full Domain Hash , 2000, CRYPTO.

[25]  Mihir Bellare,et al.  The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin , 1996, EUROCRYPT.

[26]  David Pointcheval,et al.  Optimal Asymmetric Encryption and Signature Paddings , 2005, ACNS.

[27]  Jacques Stern,et al.  Advances in Cryptology — EUROCRYPT ’99 , 1999, Lecture Notes in Computer Science.

[28]  Josef Pieprzyk,et al.  Advances in Cryptology - ASIACRYPT 2008, 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, December 7-11, 2008. Proceedings , 2008, ASIACRYPT.

[29]  Kenneth G. Paterson,et al.  Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation , 2012, IACR Cryptol. ePrint Arch..

[30]  Stefano Tessaro,et al.  The equivalence of the random oracle model and the ideal cipher model, revisited , 2010, STOC '11.