Efficient Fully Structure-Preserving Signatures and Shrinking Commitments

In structure-preserving signatures, public keys, messages, and signatures are all collections of source group elements of some bilinear groups. In this paper, we introduce fully structure-preserving signature schemes, with the additional requirement that even secret keys are group elements. This strong property allows efficient non-interactive proofs of knowledge of the secret key, which is useful in designing cryptographic protocols under simulation-based security where online extraction of the secret key is needed. We present efficient constructions under simple standard assumptions and pursue even more efficient constructions with the extra property of randomizability based on the generic bilinear group model. An essential building block for our efficient standard model construction is a shrinking structure-preserving trapdoor commitment scheme, which is by itself an important primitive and of independent interest as it appears to contradict a known impossibility result that structure-preserving commitments cannot be shrinking. We argue that a relaxed binding property lets us circumvent the impossibility while still retaining the usefulness of the primitive in important applications as mentioned above.

[1]  Tibor Jager,et al.  Generic Compilers for Authenticated Key Exchange , 2010, ASIACRYPT.

[2]  Silvio Micali,et al.  Accountable-subgroup multisignatures: extended abstract , 2001, CCS '01.

[3]  Georg Fuchsbauer,et al.  Structure-Preserving Signatures on Equivalence Classes and Constant-Size Anonymous Credentials , 2018, Journal of Cryptology.

[4]  Masayuki Abe,et al.  Group to Group Commitments Do Not Shrink , 2012, EUROCRYPT.

[5]  Jan Camenisch,et al.  A Framework for Practical Universally Composable Zero-Knowledge Protocols , 2011, IACR Cryptol. ePrint Arch..

[6]  Jonathan Katz,et al.  Ring Signatures: Stronger Definitions, and Constructions without Random Oracles , 2006, Journal of Cryptology.

[7]  Amit Sahai,et al.  Efficient Noninteractive Proof Systems for Bilinear Groups , 2008, SIAM J. Comput..

[8]  Masayuki Abe,et al.  A Framework for Universally Composable Non-committing Blind Signatures , 2009, ASIACRYPT.

[9]  Mehdi Tibouchi,et al.  Fully Structure-Preserving Signatures and Shrinking Commitments , 2015, EUROCRYPT.

[10]  Jan Camenisch,et al.  Composable and Modular Anonymous Credentials: Definitions and Practical Constructions , 2015, ASIACRYPT.

[11]  Dan Boneh,et al.  Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups , 2008, Journal of Cryptology.

[12]  Mehdi Tibouchi,et al.  Structure-Preserving Signatures from Type II Pairings , 2014, CRYPTO.

[13]  Ryo Nishimaki,et al.  Constant-Size Structure-Preserving Signatures: Generic Constructions and Simple Assumptions , 2012, Journal of Cryptology.

[14]  Vincent Naessens,et al.  Structure Preserving CCA Secure Encryption and Applications , 2011, ASIACRYPT.

[15]  Jens Groth,et al.  Separating Short Structure-Preserving Signatures from Non-interactive Assumptions , 2011, ASIACRYPT.

[16]  Jens Groth,et al.  Efficient Fully Structure-Preserving Signatures for Large Messages , 2015, IACR Cryptol. ePrint Arch..

[17]  Ivan Damgård,et al.  Non-interactive and reusable non-malleable commitment schemes , 2003, STOC '03.

[18]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[19]  Goichiro Hanaoka,et al.  How to Obtain Fully Structure-Preserving (Automorphic) Signatures from Structure-Preserving Ones , 2016, ASIACRYPT.

[20]  Mihir Bellare,et al.  The Knowledge-of-Exponent Assumptions and 3-Round Zero-Knowledge Protocols , 2004, CRYPTO.

[21]  Mehdi Tibouchi,et al.  Unified, Minimal and Selectively Randomizable Structure-Preserving Signatures , 2014, IACR Cryptol. ePrint Arch..

[22]  Ueli Maurer,et al.  Abstract Models of Computation in Cryptography , 2005, IMACC.

[23]  Georg Fuchsbauer,et al.  Commuting Signatures and Verifiable Encryption , 2011, EUROCRYPT.

[24]  Mihir Bellare,et al.  Foundations of Group Signatures: The Case of Dynamic Groups , 2005, CT-RSA.

[25]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[26]  Kenneth G. Paterson,et al.  Pairings for Cryptographers , 2008, IACR Cryptol. ePrint Arch..

[27]  Jan Camenisch,et al.  On the Impossibility of Structure-Preserving Deterministic Primitives , 2014, TCC.

[28]  Jens Groth,et al.  Optimal Structure-Preserving Signatures in Asymmetric Bilinear Groups , 2011, CRYPTO.

[29]  Victor Shoup,et al.  Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[30]  Mehdi Tibouchi,et al.  Strongly-optimal structure preserving signatures from Type II pairings: synthesis and lower bounds , 2016, IET Inf. Secur..

[31]  Georg Fuchsbauer,et al.  Structure-Preserving Signatures and Commitments to Group Elements , 2010, CRYPTO.

[32]  Marc Fischlin,et al.  Communication-Efficient Non-interactive Proofs of Knowledge with Online Extractors , 2005, CRYPTO.

[33]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.

[34]  Sarah Meiklejohn,et al.  An Extension of the Groth-Sahai Proof System , 2009 .

[35]  Jens Groth,et al.  Fully Anonymous Group Signatures without Random Oracles , 2007, IACR Cryptol. ePrint Arch..

[36]  Toshiaki Tanaka,et al.  On the Existence of 3-Round Zero-Knowledge Protocols , 1998, CRYPTO.

[37]  Silvio Micali,et al.  On-line/off-line digital signatures , 1996, Journal of Cryptology.

[38]  Rosario Gennaro,et al.  Off-Line/On-Line Signatures: Theoretical Aspects and Experimental Results , 2008, Public Key Cryptography.

[39]  V. Nechaev Complexity of a determinate algorithm for the discrete logarithm , 1994 .

[40]  Hovav Shacham,et al.  Randomizable Proofs and Delegatable Anonymous Credentials , 2009, CRYPTO.

[41]  Markulf Kohlweiss,et al.  Malleable Signatures: New Definitions and Delegatable Anonymous Credentials , 2014, 2014 IEEE 27th Computer Security Foundations Symposium.

[42]  Jens Groth,et al.  Fine-Tuning Groth-Sahai Proofs , 2014, IACR Cryptol. ePrint Arch..

[43]  Jan Camenisch,et al.  A public key encryption scheme secure against key dependent chosen plaintext and adaptive chosen ciphertext attacks , 2009, IACR Cryptol. ePrint Arch..

[44]  Thomas Ristenpart,et al.  The Power of Proofs-of-Possession: Securing Multiparty Signatures against Rogue-Key Attacks , 2007, EUROCRYPT.

[45]  Frederik Vercauteren,et al.  On computable isomorphisms in efficient asymmetric pairing-based systems , 2007, Discret. Appl. Math..

[46]  Jonathan Katz,et al.  Ring Signatures: Stronger Definitions, and Constructions without Random Oracles , 2005, IACR Cryptol. ePrint Arch..

[47]  Mihir Bellare,et al.  Two-Tier Signatures, Strongly Unforgeable Signatures, and Fiat-Shamir Without Random Oracles , 2007, Public Key Cryptography.

[48]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..