Short Undeniable Signatures Based on Group Homomorphisms

This paper is devoted to the design and analysis of short undeniable signatures based on a random oracle. Exploiting their online property, we can achieve signatures with a fully scalable size depending on the security level. To this end, we develop a general framework based on the interpolation of group homomorphisms, leading to the design of a generic undeniable signature scheme called MOVA with batch verification and featuring nontransferability. By selecting group homomorphisms with a small group range, we obtain very short signatures. We also minimize the number of moves of the verification protocols by proposing some variants with only two moves in the random oracle model. We provide a formal security analysis of MOVA and assess the security in terms of the signature length. Under reasonable assumptions and with some carefully selected parameters, the MOVA scheme makes it possible to consider signatures of about 50 bits.

[1]  Alfredo De Santis,et al.  Advances in Cryptology — EUROCRYPT'94 , 1994, Lecture Notes in Computer Science.

[2]  Markus Jakobsson,et al.  Blackmailing using Undeniable Signatures , 1994, EUROCRYPT.

[3]  I. G. MacDonald,et al.  Symmetric functions and Hall polynomials , 1979 .

[4]  David Pointcheval,et al.  The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes , 2001, Public Key Cryptography.

[5]  Tsuyoshi Takagi,et al.  Efficient Undeniable Signature Schemes Based on Ideal Arithmetic in Quadratic Orders , 2004, Des. Codes Cryptogr..

[6]  Lynne M. Butler,et al.  A unimodality result in the enumeration of subgroups of a finite abelian group , 1987 .

[7]  Emmanuel Bresson,et al.  A Simple Public-Key Cryptosystem with a Double Trapdoor Decryption Mechanism and Its Applications , 2003, ASIACRYPT.

[8]  Serge Vaudenay,et al.  Optimization of the MOVA Undeniable Signature Scheme , 2005, Mycrypt.

[9]  Hugo Krawczyk,et al.  RSA-Based Undeniable Signatures , 1997, Journal of Cryptology.

[10]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[11]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[12]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[13]  Kaoru Kurosawa,et al.  Universally Composable Undeniable Signature , 2008, ICALP.

[14]  Serge Vaudenay,et al.  Short 2-Move Undeniable Signatures , 2006, VIETCRYPT.

[15]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[16]  John B. Shoven,et al.  I , Edinburgh Medical and Surgical Journal.

[17]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[18]  Serge Vaudenay,et al.  The Newton Channel , 1996, Information Hiding.

[19]  Fabien Laguillaumie,et al.  Short Undeniable Signatures Without Random Oracles: The Missing Link , 2005, INDOCRYPT.

[20]  Carsten Lund,et al.  Proof verification and hardness of approximation problems , 1992, Proceedings., 33rd Annual Symposium on Foundations of Computer Science.

[21]  Jean Monnerat Short undeniable signatures , 2006 .

[22]  Kaoru Kurosawa,et al.  3-Move Undeniable Signature Scheme , 2005, EUROCRYPT.

[23]  Colin Boyd,et al.  Advances in Cryptology - ASIACRYPT 2001 , 2001 .

[24]  Kazuo Ohta,et al.  Advances in Cryptology — ASIACRYPT’98 , 2002, Lecture Notes in Computer Science.

[25]  David Chaum,et al.  Zero-Knowledge Undeniable Signatures , 1991, EUROCRYPT.

[26]  David Chaum,et al.  Convertible Undeniable Signatures , 1990, CRYPTO.

[27]  Patrick Horster,et al.  Breaking and repairing a convertible undeniable signature scheme , 1996, CCS '96.

[28]  Pascal Junod,et al.  On the Optimality of Linear, Differential, and Sequential Distinguishers , 2003, EUROCRYPT.

[29]  Ivan Damgård,et al.  New Convertible Undeniable Signature Schemes , 1996, EUROCRYPT.

[30]  Leonid A. Levin,et al.  Checking computations in polylogarithmic time , 1991, STOC '91.

[31]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[32]  Colin Boyd,et al.  Off-Line Fair Payment Protocols Using Convertible Signatures , 1998, ASIACRYPT.

[33]  Yehuda Lindell,et al.  Lower bounds for non-black-box zero knowledge , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[34]  Markus Michels,et al.  E cient convertible undeniable signature schemes , 1997 .

[35]  Oded Goldreich Foundations of Cryptography: Index , 2001 .

[36]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 1, Basic Tools , 2001 .

[37]  Steven D. Galbraith,et al.  Invisibility and Anonymity of Undeniable and Confirmer Signatures , 2003, CT-RSA.

[38]  Alfred Menezes,et al.  Topics in Cryptology – CT-RSA 2005 , 2005 .

[39]  Jan Camenisch,et al.  Confirmer Signature Schemes Secure against Adaptive Adversaries , 2000, EUROCRYPT.

[40]  Jacques Stern,et al.  Advances in Cryptology — EUROCRYPT ’99 , 1999, Lecture Notes in Computer Science.

[41]  Serge Vaudenay,et al.  Undeniable Signatures Based on Characters: How to Sign with One Bit , 2004, Public Key Cryptography.

[42]  Kaoru Kurosawa,et al.  The security of the FDH variant of Chaum's undeniable signature scheme , 2005, IEEE Transactions on Information Theory.

[43]  Serge Vaudenay,et al.  Digital Signature Schemes with Domain Parameters: Yet Another Parameter Issue in ECDSA , 2004, ACISP.

[44]  David Chaum,et al.  Cryptographically Strong Undeniable Signatures, Unconditionally Secure for the Signer , 1991, CRYPTO.

[45]  Ivan Bjerre Damgård,et al.  Advances in Cryptology — EUROCRYPT ’90 , 2001, Lecture Notes in Computer Science.

[46]  Markus Jakobsson,et al.  Designated Verifier Proofs and Their Applications , 1996, EUROCRYPT.

[47]  Donald W. Davies,et al.  Advances in Cryptology — EUROCRYPT ’91 , 2001, Lecture Notes in Computer Science.

[48]  Gerrit Bleumer,et al.  Undeniable Signatures , 2011, Encyclopedia of Cryptography and Security.

[49]  Joan Feigenbaum,et al.  Advances in Cryptology-Crypto 91 , 1992 .

[50]  Oded Goldreich,et al.  Foundations of Cryptography: List of Figures , 2001 .

[51]  Yvo Desmedt Public Key Cryptography — PKC 2003 , 2002, Lecture Notes in Computer Science.

[52]  David Pointcheval,et al.  Self-Scrambling Anonymizers , 2000, Financial Cryptography.

[53]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[54]  Tommy Färnqvist Number Theory Meets Cache Locality – Efficient Implementation of a Small Prime FFT for the GNU Multiple Precision Arithmetic Library , 2005 .

[55]  Kouichi Sakurai,et al.  An Anonymous Electronic Bidding Protocol Based on a New Convertible Group Signature Scheme , 2000, ACISP.

[56]  David Chaum,et al.  Undeniable Signatures , 1989, CRYPTO.

[57]  Serge Vaudenay,et al.  Generic Homomorphic Undeniable Signatures , 2004, ASIACRYPT.

[58]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[59]  Ernest F. Brickell,et al.  Advances in Cryptology — CRYPTO’ 92 , 2001, Lecture Notes in Computer Science.

[60]  Jean Monnerat,et al.  Short undeniable SignatureS: deSign, analySiS, and applicationS , 2006 .

[61]  Jean-Jacques Quisquater,et al.  Identity Based Undeniable Signatures , 2004, CT-RSA.

[62]  Rafael Pass,et al.  On Deniability in the Common Reference String and Random Oracle Model , 2003, CRYPTO.

[63]  Fabien Laguillaumie,et al.  Time-Selective Convertible Undeniable Signatures , 2005, CT-RSA.

[64]  Moti Yung,et al.  Weaknesses of undeniable signature schemes , 1991 .

[65]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[66]  Victor Shoup,et al.  Sequences of games: a tool for taming complexity in security proofs , 2004, IACR Cryptol. ePrint Arch..

[67]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[68]  Ueli Maurer,et al.  Advances in Cryptology — EUROCRYPT ’96 , 2001, Lecture Notes in Computer Science.

[69]  David Chaum,et al.  Wallet Databases with Observers , 1992, CRYPTO.

[70]  Jean-Sébastien Coron,et al.  On the Exact Security of Full Domain Hash , 2000, CRYPTO.