A Framework for Efficient Signatures, Ring Signatures and Identity Based Encryption in the Standard Model

In this work, we present a generic framework for constructing efficient signature schemes, ring signature schemes, and identity based encryption schemes, all in the standard model (without relying on random oracles). We start by abstracting the recent work of Hohenberger and Waters (Crypto 2009), and specifically their “prefix method”. We show a transformation taking a signature scheme with a very weak security guarantee (a notion that we call a-priori-message unforgeability under static chosen message attack) and producing a fully secure signature scheme (i.e., existentially unforgeable under adaptive chosen message attack). Our transformation uses the notion of chameleon hash functions, defined by Krawczyk and Rabin (NDSS 2000), and the “prefix method”. Constructing such weakly secure schemes seems to be significantly easier than constructing fully secure ones, and we present simple constructions based on the RSA assumption, the short integer solution (SIS) assumption, and the computational Diffie-Hellman (CDH) assumption over bilinear groups.

Next, we observe that this general transformation also applies to the regime of ring signatures. Using this observation, we construct new (provably secure) ring signature schemes: one is based on the short integer solution (SIS) assumption, and the other is based on the CDH assumption over bilinear groups. As a building block for these constructions, we define a primitive that we call ring trapdoor functions. We show that ring trapdoor functions imply ring signatures under a weak definition, which enables us to apply our transformation to achieve full security.

Finally, we show a connection between ring signature schemes and identity based encryption (IBE) schemes. Using this connection, and using our new constructions of ring signature schemes, we obtain two IBE schemes: the first is based on the learning with errors (LWE) assumption, and is similar to the recently introduced IBE scheme of Cash-Hofheinz-Kiltz-Peikert; the second is based on the d-linear assumption over bilinear groups.
