Journal of Cryptology

, Volume 21, Issue 2, pp 149-177

First online:

Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups

  • Dan BonehAffiliated withStanford University
  • , Xavier BoyenAffiliated withVoltage Security Inc. Email author 

Rent the article at a discount

Rent now

* Final gross prices may vary according to local VAT.

Get Access


We describe a short signature scheme that is strongly existentially unforgeable under an adaptive chosen message attack in the standard security model. Our construction works in groups equipped with an efficient bilinear map, or, more generally, an algorithm for the Decision Diffie-Hellman problem. The security of our scheme depends on a new intractability assumption we call Strong Diffie-Hellman (SDH), by analogy to the Strong RSA assumption with which it shares many properties. Signature generation in our system is fast and the resulting signatures are as short as DSA signatures for comparable security. We give a tight reduction proving that our scheme is secure in any group in which the SDH assumption holds, without relying on the random oracle model.


Digital signatures Bilinear pairings Strong unforgeability Standard model