Signatures with Tight Multi-user Security from Search Assumptions

We construct two tightly secure signature schemes based on the computational Diffie-Hellman (CDH) and factoring assumptions in the random oracle model. Our schemes are proven secure in the multi-user setting, and their security loss is constant and does not depend on the number of users or signing queries. They are the first schemes that achieve this based on standard search assumptions, as all existing schemes we are aware of are either based on stronger decisional assumptions or proven tightly secure only in the less realistic single-user setting. Under a concrete estimate at a truly large scale, the cost of our CDH-based scheme is about half that of Schnorr and DSA (in terms of signature size and running time for signing).
