Short Randomizable Signatures

Digital signatures are a fundamental primitive with numerous applications. Following the development of pairing-based cryptography, several signature schemes taking advantage of this setting have been proposed. Among them, the Camenisch-Lysyanskaya (CL) signature scheme is one of the most flexible and has been used as a building block for many other protocols. Unfortunately, its signatures have a size linear in the number of message blocks signed, which limits its use in many situations. In this paper, we propose a new signature scheme with the same features as CL signatures (in particular, signatures can be re-randomized, and a message can be signed and proven known without revealing it) but without the linear-size drawback: our signature consists of only two group elements, regardless of the number of message blocks, and our algorithms are more efficient. The construction relies on type 3 pairings, i.e. asymmetric bilinear groups with no efficiently computable isomorphism between the two source groups, which are already widely used for security and efficiency reasons. We prove the security of our scheme without random oracles, but in the generic group model. Finally, we show that protocols built on CL signatures can easily be instantiated with ours, leading to much more efficient constructions.
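For concreteness, the multi-message construction from the full paper, recalled here as an added illustration (it is not reproduced on this page; the notation $\tilde{g}, \tilde{X}, \tilde{Y}_j$ for $\mathbb{G}_2$ elements and $h$ for the $\mathbb{G}_1$ base is the paper's convention). Let $(p, \mathbb{G}_1, \mathbb{G}_2, \mathbb{G}_T, e)$ be a type 3 bilinear group and $r$ the number of message blocks $m_1, \dots, m_r \in \mathbb{Z}_p$:

$$
\begin{aligned}
\text{KeyGen:}\quad & \tilde{g} \leftarrow \mathbb{G}_2^*,\; (x, y_1, \dots, y_r) \leftarrow \mathbb{Z}_p^{r+1},\\
& \mathrm{sk} = (x, y_1, \dots, y_r),\quad \mathrm{pk} = (\tilde{g},\; \tilde{X} = \tilde{g}^{x},\; \tilde{Y}_1 = \tilde{g}^{y_1}, \dots, \tilde{Y}_r = \tilde{g}^{y_r}) \\[4pt]
\text{Sign}(\mathrm{sk}, m_1, \dots, m_r):\quad & h \leftarrow \mathbb{G}_1^*,\quad \sigma = (\sigma_1, \sigma_2) = \bigl(h,\; h^{\,x + \sum_{j=1}^{r} y_j m_j}\bigr) \\[4pt]
\text{Verify}(\mathrm{pk}, m_1, \dots, m_r, \sigma):\quad & \sigma_1 \neq 1_{\mathbb{G}_1} \;\wedge\; e\bigl(\sigma_1,\; \tilde{X} \cdot \textstyle\prod_{j=1}^{r} \tilde{Y}_j^{\,m_j}\bigr) = e(\sigma_2, \tilde{g}) \\[4pt]
\text{Randomize}(\sigma):\quad & t \leftarrow \mathbb{Z}_p^*,\quad \sigma' = (\sigma_1^{\,t}, \sigma_2^{\,t})
\end{aligned}
$$

Correctness follows from bilinearity: $e(h, \tilde{g}^{x + \sum_j y_j m_j}) = e(h^{x + \sum_j y_j m_j}, \tilde{g})$, and raising both components to the same $t$ preserves the equation, so $\sigma'$ is a fresh-looking signature on the same message, which is the property anonymous credential and group signature protocols exploit. Two checks a practitioner should not drop: reject $\sigma_1 = 1_{\mathbb{G}_1}$ (otherwise $(1, 1)$ verifies for every message) and, when deploying on a curve library, make sure the pairing really is type 3, since the security proof relies on the absence of an efficient $\mathbb{G}_2 \to \mathbb{G}_1$ homomorphism.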
