Improving Signature Schemes with Tight Security Reductions

In 2003, Katz and Wang proposed the claw-free trapdoor full domain hash (CFT-FDH), which achieves tight security for FDH signature schemes using the bit selector technique. However, CFT-FDH is not backward compatible with its original FDH counterpart: the selected bit is hashed together with the message, which modifies the structure of the original signature. In this paper, we go a step further and propose a general framework that achieves backward compatibility while maintaining the tight reduction of FDH signatures, using the properties of trapdoor samplable relations together with Katz-Wang's bit selector technique.
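The incompatibility described above can be reproduced in a few lines. This is an added example, not code from the paper: it assumes RSA as the trapdoor permutation, an HMAC-derived bit selector, and a constructed toy key, and it shows only plain FDH beside the Katz-Wang variant, not the paper's proposed framework.

```python
import hashlib
import hmac

# Toy RSA trapdoor permutation (constructed demo key, far too small for real use).
P, Q = 2**127 - 1, 2**89 - 1            # two Mersenne primes
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # requires Python 3.8+
PRF_KEY = b"constructed-demo-prf-key"   # signer's secret for the bit selector


def H(data: bytes) -> int:
    """Full-domain hash into Z_N: 512 bits of SHA-256 output reduced mod N."""
    wide = (hashlib.sha256(b"\x00" + data).digest()
            + hashlib.sha256(b"\x01" + data).digest())
    return int.from_bytes(wide, "big") % N


def fdh_sign(m: bytes) -> int:
    return pow(H(m), D, N)               # sigma = H(m)^d


def fdh_verify(m: bytes, sig: int) -> bool:
    return pow(sig, E, N) == H(m)


def select_bit(m: bytes) -> int:
    """One fixed bit per message, so signing m twice never uses both bits."""
    return hmac.new(PRF_KEY, m, hashlib.sha256).digest()[0] & 1


def kw_sign(m: bytes) -> int:
    return pow(H(bytes([select_bit(m)]) + m), D, N)   # sigma = H(b || m)^d


def kw_verify(m: bytes, sig: int) -> bool:
    # The bit is not transmitted; the verifier accepts either value.
    return pow(sig, E, N) in (H(b"\x00" + m), H(b"\x01" + m))


def demo() -> dict:
    m = b"constructed sample message"
    kw, fdh = kw_sign(m), fdh_sign(m)
    return {
        "kw_under_kw": kw_verify(m, kw),
        "kw_under_fdh": fdh_verify(m, kw),    # legacy verifier rejects
        "fdh_under_fdh": fdh_verify(m, fdh),
        "fdh_under_kw": kw_verify(m, fdh),    # new verifier rejects legacy sigs
    }
```

A deployed plain-FDH verifier therefore cannot be kept when a signer switches to the bit-selector variant, which is the gap the abstract's framework targets.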
