Short Generic Transformation to Strongly Unforgeable Signature in the Standard Model

Standard signature schemes are usually devised to merely achieve existential unforgeability, i.e., to prevent forgeries on new messages not previously signed. Unfortunately, existential unforgeability is not suitable for several applications, since a new signature on a previously signed message may be produced. Therefore, there is a need to construct signature schemes with strong unforgeability, that is, it is hard to produce a new signature on any message, even if it has been signed before by legitimate signer. Recently, there have been several generic transformations proposed to convert weak unforgeability into strong unforgeability. For instance, various generic transforms of signatures that are existential unforgeable under adaptive chosen message attack (uf-cma) to strongly unforgeable under adaptive chosen message attack (suf-cma) have been proposed. Moreover, methods of converting signatures that are existentially unforgeable under generic chosen message attack (uf-gma) to uf-cma secure digital signatures have also been studied. Combination of these methods yields generic transform of digital signatures offering uf-gma security to suf-cma security. In this paper, we present a short universal transform that directly converts any uf-gma secure signatures into suf-cma secure. Our transform is the shortest generic transformation, in terms of signature size expansion, which results in suf-cma secure signature in the standard model. While our generic transformation can convert any uf-gma secure signature to suf-cma secure signature directly, the efficiency of ours is comparable to those which only transform signatures from uf-gma secure to uf-cma secure in the standard model.

[1]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[2]  Jin Li,et al.  Generic security-amplifying methods of ordinary digital signatures , 2012, Inf. Sci..

[3]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[4]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[5]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[6]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[7]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[8]  Tatsuaki Okamoto,et al.  Public Key Cryptography - PKC 2007, 10th International Conference on Practice and Theory in Public-Key Cryptography, Beijing, China, April 16-20, 2007, Proceedings , 2007, Public Key Cryptography.

[9]  Tal Rabin,et al.  On the Security of Joint Signature and Encryption , 2002, EUROCRYPT.

[10]  Emmanuel Bresson,et al.  Improved On-Line/Off-Line Threshold Signatures , 2007, Public Key Cryptography.

[11]  Jonathan Katz,et al.  Scalable Protocols for Authenticated Group Key Exchange , 2003, CRYPTO.

[12]  Yael Tauman Kalai,et al.  Improved Online/Offline Signature Schemes , 2001, CRYPTO.

[13]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[14]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[15]  Aggelos Kiayias,et al.  Public Key Cryptography - PKC 2006 , 2006, Lecture Notes in Computer Science.

[16]  Mihir Bellare,et al.  GQ and Schnorr Identification Schemes: Proofs of Security against Impersonation under Active and Concurrent Attacks , 2002, CRYPTO.

[17]  William M. Daley,et al.  Digital Signature Standard (DSS) , 2000 .

[18]  Isamu Teranishi,et al.  General Conversion for Obtaining Strongly Existentially Unforgeable Signatures , 2006, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[19]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..

[20]  Robert H. Deng,et al.  Public Key Cryptography – PKC 2004 , 2004, Lecture Notes in Computer Science.

[21]  Tanja Lange,et al.  Progress in Cryptology - INDOCRYPT 2006, 7th International Conference on Cryptology in India, Kolkata, India, December 11-13, 2006, Proceedings , 2006, INDOCRYPT.

[22]  Masayuki Abe,et al.  Topics in Cryptology CT-RSA 2007 , 2007 .

[23]  Chanathip Namprempre,et al.  The One-More-RSA-Inversion Problems and the Security of Chaum's Blind Signature Scheme , 2003, Journal of Cryptology.

[24]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[25]  Qiong Huang,et al.  Generic Transformation to Strongly Unforgeable Signatures , 2007, ACNS.

[26]  Aggelos Kiayias,et al.  Traitor Tracing with Constant Transmission Rate , 2002, EUROCRYPT.

[27]  Mihir Bellare,et al.  Two-Tier Signatures, Strongly Unforgeable Signatures, and Fiat-Shamir Without Random Oracles , 2007, Public Key Cryptography.

[28]  Mihir Bellare Advances in Cryptology — CRYPTO 2000 , 2000, Lecture Notes in Computer Science.

[29]  Ron Steinfeld,et al.  How to Strengthen Any Weakly Unforgeable Signature into a Strongly Unforgeable Signature , 2007, CT-RSA.

[30]  Brent Waters,et al.  Strongly Unforgeable Signatures Based on Computational Diffie-Hellman , 2006, Public Key Cryptography.

[31]  Silvio Micali,et al.  On-line/off-line digital signatures , 1996, Journal of Cryptology.

[32]  Joan Boyar,et al.  A discrete logarithm implementation of perfect zero-knowledge blobs , 1990, Journal of Cryptology.

[33]  Marc Joye,et al.  A Practical and Provably Secure Coalition-Resistant Group Signature Scheme , 2000, CRYPTO.

[34]  Dan Boneh,et al.  Advances in Cryptology - CRYPTO 2003 , 2003, Lecture Notes in Computer Science.

[35]  Stuart A. Kurtz,et al.  A discrete logarithm implementation of zero-knowledge blobs , 1987 .

[36]  Reihaneh Safavi-Naini,et al.  An Efficient Signature Scheme from Bilinear Pairings and Its Applications , 2004, Public Key Cryptography.