A Constant-Size Signature Scheme with a Tighter Reduction from the CDH Assumption

We present a signature scheme with the tightest security-reduction among known constant-size signature schemes secure under the computational Diffie-Hellman (CDH) assumption. It is important to reduce the security-reduction loss of a cryptosystem, which enables choosing of a smaller security parameter without compromising security; hence, enabling constant-size signatures for cryptosystems and faster computation. The tightest security reduction thus far from the CDH assumption is \(\mathcal {O}(q)\), presented by Hofheinz et al., where q is the number of signing queries. They also proved that the security loss of \(\mathcal {O}(q)\) is optimal if signature schemes are “re-randomizable”. In this paper, we revisit the non-re-randomizable signature scheme proposed by Bohl et al. Their signature scheme is the first that is fully secure under the CDH assumption and has a compact public key. However, they constructed the scheme with polynomial-order security-reduction loss. We first constructed a new existentially unforgeable against extended random-message attack (EUF-XRMA) secure scheme based on Bohl et al.’s scheme, which has tighter security reduction of \(\mathcal {O}(q/d)\) to the CDH assumption, where d is the number of group elements in a verification key. We then transformed the EUF-XRMA secure signature scheme into an existentially unforgeable against adaptively chosen-message attack (EUF-CMA) secure one using Abe et al.’s technique. In this construction, no pseudorandom function, which results in increase of reduction loss, is used, and the above reduction loss can be achieved. Moreover, a tag can be generated more efficiently than Bohl et al.’s signature scheme, which results in smaller computation. Consequently, our EUF-CMA secure scheme has tighter security reduction to the CDH assumption than any previous schemes.

[1]  Sven Schäge,et al.  Tight Proofs for Signature Schemes without Random Oracles , 2011, EUROCRYPT.

[2]  Eike Kiltz,et al.  Tightly-Secure Signatures from Chameleon Hash Functions , 2015, Public Key Cryptography.

[3]  Oded Goldreich Foundations of Cryptography: Index , 2001 .

[4]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 1, Basic Tools , 2001 .

[5]  Shafi Goldwasser,et al.  Functional Signatures and Pseudorandom Functions , 2014, Public Key Cryptography.

[6]  Ivan Damgård,et al.  Efficient Concurrent Zero-Knowledge in the Auxiliary String Model , 2000, EUROCRYPT.

[7]  Stanislaw Jarecki,et al.  A Signature Scheme as Secure as the Diffie-Hellman Problem , 2003, EUROCRYPT.

[8]  Dennis Hofheinz,et al.  Algebraic Partitioning: Fully Compact and (almost) Tightly Secure Cryptography , 2016, TCC.

[9]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[10]  Ryo Nishimaki,et al.  Constant-Size Structure-Preserving Signatures: Generic Constructions and Simple Assumptions , 2012, Journal of Cryptology.

[11]  Benoît Chevallier-Mames,et al.  An Efficient CDH-Based Signature Scheme with a Tight Security Reduction , 2005, CRYPTO.

[12]  Jonathan Katz,et al.  Efficiency improvements for signature schemes with tight security reductions , 2003, CCS '03.

[13]  Marc Joye,et al.  A Practical and Tightly Secure Signature Scheme Without Hash Function , 2007, CT-RSA.

[14]  Eike Kiltz,et al.  Programmable Hash Functions and Their Applications , 2008, CRYPTO.

[15]  Léo Ducas,et al.  Improved Short Lattice Signatures in the Standard Model , 2014, CRYPTO.

[16]  Jae Hong Seo Short Signatures from Diffie-Hellman, Revisited: Sublinear Public Key, CMA Security, and Tighter Reduction , 2014, IACR Cryptol. ePrint Arch..

[17]  Hoeteck Wee,et al.  Fully, (Almost) Tightly Secure IBE and Dual System Groups , 2013, CRYPTO.

[18]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[19]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[20]  Tibor Jager,et al.  Confined Guessing: New Signatures From Standard Assumptions , 2014, Journal of Cryptology.

[21]  Xavier Boyen,et al.  Lattice Mixing and Vanishing Trapdoors A Framework for Fully Secure Short Signatures and more , 2010 .

[22]  Dan Boneh,et al.  A Secure Signature Scheme from Bilinear Maps , 2003, CT-RSA.

[23]  Tibor Jager,et al.  Practical Signatures from Standard Assumptions , 2013, EUROCRYPT.

[24]  Brent Waters,et al.  Realizing Hash-and-Sign Signatures under Standard Assumptions , 2009, EUROCRYPT.

[25]  Tibor Jager,et al.  Waters Signatures with Optimal Security Reduction , 2012, Public Key Cryptography.

[26]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[27]  Tibor Jager,et al.  Tightly secure signatures and public-key encryption , 2012, Designs, Codes and Cryptography.