Commuting Signatures and Verifiable Encryption

Verifiable encryption allows one to encrypt a signature while preserving its public verifiability. We introduce a new primitive called commuting signatures and verifiable encryption that extends this in multiple ways, such as enabling encryption of both signature and message while proving validity. More importantly, given a ciphertext, a signer can create a verifiably encrypted signature on the encrypted (unknown) message, which leads to the same result as first signing the message and then verifiably encrypting the message/signature pair; thus, signing and encrypting commute. Our instantiation is based on the recently introduced automorphic signatures and Groth-Sahai proofs, which we show to be homomorphic. We also prove a series of other properties and provide a novel approach to simulation. As an application, we give an instantiation of delegatable anonymous credentials, a primitive introduced by Belenkiy et al. Our construction is arguably simpler than theirs and it is the first to provide non-interactive (and thus concurrently secure) issuing and delegation protocols, which are significantly more efficient. Moreover, the size of our credentials and the cost of verification are less than half of those of the previous instantiation. All our constructions are proven secure in the standard model under known non-interactive assumptions.

[1]  Kwangjo Kim,et al.  Advances in Cryptology — ASIACRYPT '96 , 1996, Lecture Notes in Computer Science.

[2]  Georg Fuchsbauer,et al.  Anonymous Proxy Signatures , 2008, SCN.

[3]  Melissa Chase,et al.  On Signatures of Knowledge , 2006, CRYPTO.

[4]  Stefan A. Brands,et al.  Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy , 2000 .

[5]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[6]  Georg Fuchsbauer Commuting Signatures and Verifiable Encryption and an Application to Non-Interactively Delegatable Credentials , 2010, IACR Cryptol. ePrint Arch..

[7]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[8]  Yevgeniy Dodis,et al.  Cryptography against Continuous Memory Attacks , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.

[9]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[10]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[11]  Tatsuaki Okamoto,et al.  Public Key Cryptography - PKC 2007, 10th International Conference on Practice and Theory in Public-Key Cryptography, Beijing, China, April 16-20, 2007, Proceedings , 2007, Public Key Cryptography.

[12]  Marc Fischlin,et al.  Round-Optimal Composable Blind Signatures in the Common Reference String Model , 2006, CRYPTO.

[13]  Mihir Bellare,et al.  Possibility and Impossibility Results for Encryption and Commitment Secure under Selective Opening , 2009, EUROCRYPT.

[14]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[15]  Jan Camenisch,et al.  Signature Schemes and Anonymous Credentials from Bilinear Maps , 2004, CRYPTO.

[16]  Hovav Shacham,et al.  Pairing-Based Cryptography - Pairing 2009, Third International Conference, Palo Alto, CA, USA, August 12-14, 2009, Proceedings , 2009, Pairing.

[17]  Serge Vaudenay,et al.  Advances in Cryptology - EUROCRYPT 2006 , 2006, Lecture Notes in Computer Science.

[18]  Markus Rückert,et al.  Security of Verifiably Encrypted Signatures and a Construction without Random Oracles , 2009, Pairing.

[19]  Masayuki Abe,et al.  How to Date Blind Signatures , 1996, ASIACRYPT.

[20]  Cynthia Dwork,et al.  Advances in Cryptology – CRYPTO 2020: 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA, August 17–21, 2020, Proceedings, Part III , 2020, Annual International Cryptology Conference.

[21]  Tal Rabin Advances in Cryptology - CRYPTO 2010, 30th Annual Cryptology Conference, Santa Barbara, CA, USA, August 15-19, 2010. Proceedings , 2010, CRYPTO.

[22]  Nigel P. Smart,et al.  Advances in Cryptology - EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008. Proceedings , 2008, EUROCRYPT.

[23]  Georg Fuchsbauer,et al.  Signatures on Randomizable Ciphertexts , 2011, Public Key Cryptography.

[24]  Markulf Kohlweiss,et al.  P-signatures and Noninteractive Anonymous Credentials , 2008, TCC.

[25]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[26]  Rafail Ostrovsky,et al.  Perfect Non-Interactive Zero Knowledge for NP , 2006, IACR Cryptol. ePrint Arch..

[27]  Amit Sahai,et al.  Pseudonym Systems , 1999, Selected Areas in Cryptography.

[28]  Jacques Stern,et al.  Provably Secure Blind Signature Schemes , 1996, ASIACRYPT.

[29]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[30]  Georg Fuchsbauer,et al.  Automorphic Signatures in Bilinear Groups and an Application to Round-Optimal Blind Signatures , 2009, IACR Cryptol. ePrint Arch..

[31]  Georg Fuchsbauer,et al.  Transferable Constant-Size Fair E-Cash , 2009, IACR Cryptol. ePrint Arch..

[32]  Hovav Shacham,et al.  Randomizable Proofs and Delegatable Anonymous Credentials , 2009, CRYPTO.

[33]  Brent Waters,et al.  Full-Domain Subgroup Hiding and Constant-Size Group Signatures , 2007, Public Key Cryptography.

[34]  Moti Yung,et al.  A New Randomness Extraction Paradigm for Hybrid Encryption , 2009, EUROCRYPT.

[35]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[36]  Shai Halevi Advances in Cryptology - CRYPTO 2009, 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2009. Proceedings , 2009, CRYPTO.

[37]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[38]  Ivan Damgård,et al.  Payment Systems and Credential Mechanisms with Provable Security Against Abuse by Individuals , 1988, CRYPTO.

[39]  Kenneth G. Paterson,et al.  Pairings for Cryptographers , 2008, IACR Cryptol. ePrint Arch..

[40]  Manuel Blum,et al.  Non-interactive zero-knowledge and its applications , 1988, STOC '88.

[41]  Jan Camenisch,et al.  A Signature Scheme with Efficient Protocols , 2002, SCN.

[42]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[43]  Mark Manulis,et al.  Cryptology and Network Security , 2012, Lecture Notes in Computer Science.

[44]  Shafi Goldwasser,et al.  Advances in Cryptology — CRYPTO’ 88: Proceedings , 1990, Lecture Notes in Computer Science.