Efficient Structure-Preserving Signature Scheme from Standard Assumptions

We present an efficient signature scheme that facilitates Groth-Sahai proofs [25] of knowledge of a message, a verification key, and a valid signature on the message, without revealing any of them. Such schemes are called structure-preserving. More precisely, the structure-preserving property requires that verification keys, messages, and signatures are group elements and that the verification predicate is a conjunction of pairing product equations. Our structure-preserving signature scheme supports multiple messages and is proven secure under the DLIN assumption. A signature consists of 53 + 6n group elements, where n is the number of messages signed, and to the best of our knowledge the scheme is the most efficient one secure under a standard assumption. We build the scheme from a CCA-2 secure structure-preserving encryption scheme that supports labels, non-interactive zero-knowledge (NIZK) proofs, and a suitable hard relation. We provide a concrete realization using the encryption scheme by Camenisch et al. [12], Groth-Sahai (GS) NIZK proofs, and an instance of the computational Diffie-Hellman (CDH) problem [17]. To optimize the scheme and achieve better efficiency, we also revisit the Camenisch et al. structure-preserving encryption scheme and GS NIZK proofs, and present a new technique for more efficient proofs for mixed types of equations, namely multi-exponentiation and pairing product equations, using pairing randomization techniques. Together with non-interactive zero-knowledge proofs, our scheme can be used as a building block for constructing efficient pairing-based cryptographic protocols that can be proven secure without random oracles, such as anonymous credential systems [4], oblivious transfer [23,11], e-cash schemes [13], range and set membership proofs [9], blind signatures [20,3], and group signatures [5].
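To make the structure-preserving requirement concrete, the following is an added example; it is not code from the paper and the tiny scheme in it is not the paper's scheme. It simulates a symmetric bilinear group in the exponent (an assumption for illustration: the order Q, the generator G and all function names are made up here), provides a generic checker for a conjunction of pairing-product equations, and then exhibits a deliberately minimal one-equation scheme, sk = x, vk = g^x, sigma = M^x, whose verification e(sigma, g) = e(M, vk) has exactly the form the abstract requires: message, key and signature all appear as group elements inside pairings, which is what lets a Groth-Sahai prover commit to them and prove the equation without revealing them. The simulation offers no security (discrete logs are free), and the minimal scheme is included only for its equation shape and for a caveat it makes visible: bilinearity makes a single homomorphic equation malleable, since sigma1 * sigma2 verifies on M1 * M2, so any unforgeable scheme has to rule such forgeries out while keeping verification in pairing-product form.

```python
"""Toy simulation of pairing-product-equation (PPE) verification.

Assumed setting (illustration only, not the paper's construction): a symmetric
bilinear group G = <g> of prime order Q with target group G_T.  Every element
g^x is represented by its exponent x, so the group law in G is addition mod Q,
exponentiation by a scalar is multiplication mod Q, and the pairing
e(g^a, g^b) = e(g, g)^(ab) is the product ab mod Q.  Bilinearity is exact, but
there is NO security: discrete logs are free.  Use it only to check the
algebraic shape of verification equations.
"""
import secrets

Q = (1 << 127) - 1  # assumed toy group order (a prime)
G = 1               # the generator g = g^1, represented by its exponent
GT_ONE = 0          # identity of G_T


def g_mul(a, b):
    """Group operation in G: g^a * g^b = g^(a+b)."""
    return (a + b) % Q


def g_exp(a, k):
    """Exponentiation in G: (g^a)^k = g^(ak)."""
    return (a * k) % Q


def pair(a, b):
    """Bilinear map e(g^a, g^b) = e(g, g)^(ab), given as an exponent in G_T."""
    return (a * b) % Q


def gt_mul(s, t):
    """Group operation in G_T."""
    return (s + t) % Q


def ppe_holds(lhs, rhs):
    """Check one pairing-product equation prod_i e(A_i,B_i) = prod_j e(C_j,D_j).

    lhs and rhs are lists of (A, B) pairs of G elements.  A structure-preserving
    scheme may use only conjunctions of equations of this shape, with message,
    verification key and signature appearing as group elements (never hashed
    or otherwise mapped out of the group).
    """
    acc_l, acc_r = GT_ONE, GT_ONE
    for a, b in lhs:
        acc_l = gt_mul(acc_l, pair(a, b))
    for c, d in rhs:
        acc_r = gt_mul(acc_r, pair(c, d))
    return acc_l == acc_r


def conjunction_holds(equations):
    """Verification predicate as a conjunction of PPEs: every equation must hold."""
    return all(ppe_holds(lhs, rhs) for lhs, rhs in equations)


# --- Deliberately minimal, INSECURE one-equation scheme (not the paper's) ---
# sk = x, vk = g^x; a message is a group element M; sigma = M^x.
# Verification is the single PPE  e(sigma, g) = e(M, vk).

def keygen(sk=None):
    """Return (sk, vk); a fixed sk may be passed for reproducible examples."""
    x = secrets.randbelow(Q - 1) + 1 if sk is None else sk % Q
    return x, g_exp(G, x)


def sign(sk, msg):
    return g_exp(msg, sk)


def verify(vk, msg, sig):
    return conjunction_holds([([(sig, G)], [(msg, vk)])])


def homomorphic_forgery(m1, s1, m2, s2):
    """Caveat: from two valid (M, sigma) pairs, sigma1*sigma2 verifies on M1*M2.

    Bilinearity makes the one-equation scheme malleable; a secure
    structure-preserving scheme must prevent this while keeping verification
    in PPE form.
    """
    return g_mul(m1, m2), g_mul(s1, s2)


if __name__ == "__main__":
    sk, vk = keygen()
    m1, m2 = secrets.randbelow(Q), secrets.randbelow(Q)
    s1, s2 = sign(sk, m1), sign(sk, m2)
    print("genuine signatures verify:", verify(vk, m1, s1), verify(vk, m2, s2))
    m12, s12 = homomorphic_forgery(m1, s1, m2, s2)
    print("forged signature on M1*M2 verifies:", verify(vk, m12, s12))
```

Only the algebraic form carries over to a real implementation: on a pairing-friendly curve the exponent representation is replaced by actual curve points and a Miller-loop pairing, and `ppe_holds` becomes a product of pairings compared in the target group.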

[1] Ronald Cramer et al., Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings, 2005, EUROCRYPT.

[2] Dan Boneh et al., Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups, 2008, Journal of Cryptology.

[3] Markulf Kohlweiss et al., A Domain Transformation for Structure-Preserving Signatures on Group Elements, 2011, IACR Cryptol. ePrint Arch.

[4] Vincent Naessens et al., Structure Preserving CCA Secure Encryption and Applications, 2011, ASIACRYPT.

[5] Matthew Franklin et al., Advances in Cryptology - CRYPTO 2004, 2004, Lecture Notes in Computer Science.

[6] Mihir Bellare et al., Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions, 2003, EUROCRYPT.

[7] Whitfield Diffie et al., New Directions in Cryptography, 1976, IEEE Trans. Inf. Theory.

[8] Aggelos Kiayias et al., Self Protecting Pirates and Black-Box Traitor Tracing, 2001, CRYPTO.

[9] Matthew Green et al., Practical Adaptive Oblivious Transfer from Simple Assumptions, 2011, IACR Cryptol. ePrint Arch.

[10] Vinod Vaikuntanathan et al., Signature Schemes with Bounded Leakage Resilience, 2009, ASIACRYPT.

[11] Jens Groth et al., Simulation-Sound NIZK Proofs for a Practical Language and Constant Size Group Signatures, 2006, ASIACRYPT.

[12] Markulf Kohlweiss et al., P-signatures and Noninteractive Anonymous Credentials, 2008, TCC.

[13] Tal Rabin, Advances in Cryptology - CRYPTO 2010, 30th Annual Cryptology Conference, Santa Barbara, CA, USA, August 15-19, 2010, Proceedings, 2010, CRYPTO.

[14] Benny Pinkas et al., Secure Two-Party Computation is Practical, 2009, IACR Cryptol. ePrint Arch.

[15] Rosario Gennaro et al., Public Key Cryptography - PKC 2011 - 14th International Conference on Practice and Theory in Public Key Cryptography, Taormina, Italy, March 6-9, 2011, Proceedings, 2011, Public Key Cryptography.

[16] Abhi Shelat et al., Efficient Protocols for Set Membership and Range Proofs, 2008, ASIACRYPT.

[17] Matthew K. Franklin et al., Identity-Based Encryption from the Weil Pairing, 2001, CRYPTO.

[18] Georg Fuchsbauer et al., Proofs on Encrypted Values in Bilinear Groups and an Application to Anonymity of Signatures, 2009, Pairing.

[19] Georg Fuchsbauer et al., Automorphic Signatures in Bilinear Groups and an Application to Round-Optimal Blind Signatures, 2009, IACR Cryptol. ePrint Arch.

[20] Aggelos Kiayias et al., On the Portability of Generalized Schnorr Proofs, 2009, EUROCRYPT.

[21] Yevgeniy Dodis et al., Efficient Public-Key Cryptography in the Presence of Key Leakage, 2010, ASIACRYPT.

[22] Kefei Chen et al., Advances in Cryptology - ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, China, December 3-7, 2006, Proceedings, 2006, ASIACRYPT.

[23] Hovav Shacham et al., Short Group Signatures, 2004, CRYPTO.

[24] Moti Yung et al., Group Encryption: Non-interactive Realization in the Standard Model, 2009, ASIACRYPT.

[25] Moni Naor et al., On Cryptographic Assumptions and Challenges, 2003, CRYPTO.

[26] Masayuki Abe et al., A Framework for Universally Composable Non-committing Blind Signatures, 2009, ASIACRYPT.

[27] Jan Camenisch et al., Compact E-Cash, 2005, EUROCRYPT.

[28] Elisabeth Oswald et al., A Comprehensive Evaluation of Mutual Information Analysis Using a Fair Evaluation Framework, 2011, CRYPTO.

[29] Jan Camenisch et al., Oblivious Transfer with Hidden Access Control Policies, 2011, Public Key Cryptography.

[30] Moni Naor et al., Non-malleable cryptography, 1991, STOC '91.

[31] Marc Fischlin et al., Round-Optimal Composable Blind Signatures in the Common Reference String Model, 2006, CRYPTO.

[32] Matthew Green et al., Universally Composable Adaptive Oblivious Transfer, 2008, IACR Cryptol. ePrint Arch.

[33] Amit Sahai et al., Efficient Non-interactive Proof Systems for Bilinear Groups, 2008, EUROCRYPT.

[34] Josef Pieprzyk et al., Advances in Cryptology - ASIACRYPT 2008, 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, December 7-11, 2008, Proceedings, 2008, ASIACRYPT.

[35] Moti Yung et al., A New Randomness Extraction Paradigm for Hybrid Encryption, 2009, EUROCRYPT.

[36] Georg Fuchsbauer et al., Structure-Preserving Signatures and Commitments to Group Elements, 2010, CRYPTO.

[37] Dan Boneh et al., Advances in Cryptology - CRYPTO 2003, 2003, Lecture Notes in Computer Science.

[38] Cynthia Dwork et al., Advances in Cryptology - CRYPTO 2020: 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA, August 17-21, 2020, Proceedings, Part III, 2020, Annual International Cryptology Conference.

[39] Nigel P. Smart et al., Advances in Cryptology - EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008, Proceedings, 2008, EUROCRYPT.

[40] Jens Groth et al., Optimal Structure-Preserving Signatures in Asymmetric Bilinear Groups, 2011, CRYPTO.

[41] Markus Kasper et al., The World is Not Enough: Another Look on Second-Order DPA, 2010, IACR Cryptol. ePrint Arch.

[42] Jan Camenisch et al., A public key encryption scheme secure against key dependent chosen plaintext and adaptive chosen ciphertext attacks, 2009, IACR Cryptol. ePrint Arch.