Multi-use unidirectional proxy re-signatures

In 1998, Blaze, Bleumer, and Strauss suggested a cryptographic primitive termed proxy re-signature in which a proxy transforms a signature computed under Alice's secret key into one from Bob on the same message. The proxy is only semi-trusted in that it cannot learn any signing key or sign arbitrary messages on behalf of Alice or Bob. At CCS 2005, Ateniese and Hohenberger revisited this primitive by providing appropriate security definitions and efficient constructions in the random oracle model. Nonetheless, they left open the problem of constructing a multi-use unidirectional scheme where the proxy is only able to translate in one direction and signatures can be re-translated several times. This paper provides the first steps towards efficiently solving this problem, suggested for the first time 10 years ago, and presents the first multi-hop unidirectional proxy re-signature schemes. Although our proposals feature a linear signature size in the number of translations, they are the first multi-use realizations of the primitive that satisfy the requirements of the Ateniese-Hohenberger security model. The first scheme is secure in the random oracle model. Using the same underlying idea, it readily extends into a secure construction in the standard model (i.e. the security proof of which avoids resorting to the random oracle idealization). Both schemes are computationally efficient but require newly defined Diffie-Hellman-like assumptions in bilinear groups.
