A pairing-based blind signature scheme with message recovery

Blind signatures enable users to obtain valid signatures for a message without revealing its content to the signer. This paper presents a new blind signature scheme, i.e. identity-based blind sig- nature scheme with message recovery. Due to the message recovery property, the new scheme requires less bandwidth than the identity- based blind signatures with similar constructions. The scheme is based on modified Weil/Tate pairings over elliptic curves, and thus requires smaller key sizes for the same level of security compared to previous approaches not utilizing bilinear pairings. Security and efficiency analysis for the scheme is provided in this paper. but cannot be used as the RSA signature scheme for encryption by inter-changing the roles of the private and public transfor- mations. The advantages are obvious: applications without a hash function are possible, smaller bandwidth for signatures of small messages, and direct use in other schemes such as identity-based public key systems or key agreement protocols. Thanks to their motivations, it is interesting to construct an identity-based blind signature scheme with message recovery. The bilinear pairings (6), especially modified Weil/Tate pairings have been a useful tool for cryptographic protocols since Joux's work (18). Due to the desirable use of the bilinear pairings in public key cryptography, identity based cryptography has been re-investigated since Shamir proposed the first identity-based cryptosystem (25). Recently, some identity-based schemes based on pairings have been proposed. Interesting examples include Boneh and Franklin's id-based encryption from the Weil pairing (6), Hess's id-based signa- tures based on pairings (16), Han et al's committal deniable signatures (14) and undeniable signatures (15), Libert and Quisquater's undeniable signatures based on pairings (21), and Verhel's self-blindable credential certificates from pairings

[1]  Giuseppe Ateniese,et al.  Efficient Group Signatures without Trapdoors , 2003, ASIACRYPT.

[2]  Jean-Jacques Quisquater,et al.  A new identity based signcryption scheme from pairings , 2003, Proceedings 2003 IEEE Information Theory Workshop (Cat. No.03EX674).

[3]  Antoine Joux A One Round Protocol for Tripartite Diffie-Hellman , 2000, ANTS.

[4]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[5]  Rainer A. Rueppel,et al.  A new signature scheme based on the DSA giving message recovery , 1993, CCS '93.

[6]  Eric R. Verheul,et al.  Self-Blindable Credential Certificates from the Weil Pairing , 2001, ASIACRYPT.

[7]  Venansius Baryamureeba,et al.  PROCEEDINGS OF WORLD ACADEMY OF SCIENCE, ENGINEERING AND TECHNOLOGY, VOL 8 , 2005 .

[8]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[9]  Steven D. Galbraith,et al.  Implementing the Tate Pairing , 2002, ANTS.

[10]  Jacques Stern,et al.  Provably Secure Blind Signature Schemes , 1996, ASIACRYPT.

[11]  Tatsuaki Okamoto Topics in Cryptology – CT-RSA 2004 , 2004, Lecture Notes in Computer Science.

[12]  Paulo S. L. M. Barreto,et al.  Fast hashing onto elliptic curves over fields of characteristic 3 , 2001, IACR Cryptol. ePrint Arch..

[13]  Rafail Ostrovsky,et al.  Security of blind digital signatures , 1997 .

[14]  Antoine Joux,et al.  A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.

[15]  Jean-Jacques Quisquater,et al.  Identity Based Undeniable Signatures , 2004, CT-RSA.

[16]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[17]  Alexandra Boldyreva,et al.  Efficient threshold signature , multisignature and blind signature schemes based on the Gap-Diffie-Hellman-group signature scheme , 2002 .

[18]  Song Han,et al.  Identity-based confirmer signatures from pairings over elliptic curves , 2003, EC '03.

[19]  Kristin E. Lauter,et al.  An Efficient Procedure to Double and Add Points on an Elliptic Curve , 2002, IACR Cryptol. ePrint Arch..

[20]  Song Han,et al.  Committal deniable signatures over elliptic curves , 2004, IEEE International Conference on Performance, Computing, and Communications, 2004.

[21]  Florian Hess,et al.  Efficient Identity Based Signature Schemes Based on Pairings , 2002, Selected Areas in Cryptography.

[22]  Gerhard Frey,et al.  The Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems , 1999, IEEE Trans. Inf. Theory.

[23]  Nigel P. Smart,et al.  Point Multiplication on Ordinary Elliptic Curves over Fields of Characteristic Three , 2003, Applicable Algebra in Engineering, Communication and Computing.

[24]  Patrick Horster,et al.  Meta-Message Recovery and Meta-Blind Signature Schemes Based on the Discrete Logarithm Problem and Their Applications , 1994, ASIACRYPT.

[25]  Paulo S. L. M. Barreto,et al.  Efficient Algorithms for Pairing-Based Cryptosystems , 2002, CRYPTO.

[26]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[27]  Masayuki Abe,et al.  How to Date Blind Signatures , 1996, ASIACRYPT.

[28]  Rafail Ostrovsky,et al.  Security of Blind Digital Signatures (Extended Abstract) , 1997, CRYPTO.