Automorphic Signatures in Bilinear Groups and an Application to Round-Optimal Blind Signatures

We introduce the notion of automorphic signatures, which satisfy the following properties: the verification keys lie in the message space, messages and signatures consist of elements of a bilinear group, and verification is done by evaluating a set of pairing-product equations. These signatures make a perfect counterpart to the powerful proof system by Groth and Sahai (Eurocrypt 2008). We provide practical instantiations of automorphic signatures under appropriate assumptions and use them to construct the first efficient round-optimal blind signatures. By combining them with Groth-Sahai proofs, we moreover give practical instantiations of various other cryptographic primitives, such as fully-secure group signatures, non-interactive anonymous credentials and anonymous proxy signatures. To do so, we show how to transform signature schemes whose message space is a group to a scheme that signs arbitrarily many messages at once.
