Journal of Cryptology

, Volume 21, Issue 2, pp 149–177

Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups


DOI: 10.1007/s00145-007-9005-7

Cite this article as:
Boneh, D. & Boyen, X. J Cryptol (2008) 21: 149. doi:10.1007/s00145-007-9005-7


We describe a short signature scheme that is strongly existentially unforgeable under an adaptive chosen message attack in the standard security model. Our construction works in groups equipped with an efficient bilinear map, or, more generally, an algorithm for the Decision Diffie-Hellman problem. The security of our scheme depends on a new intractability assumption we call Strong Diffie-Hellman (SDH), by analogy to the Strong RSA assumption with which it shares many properties. Signature generation in our system is fast and the resulting signatures are as short as DSA signatures for comparable security. We give a tight reduction proving that our scheme is secure in any group in which the SDH assumption holds, without relying on the random oracle model.


Digital signaturesBilinear pairingsStrong unforgeabilityStandard model

Copyright information

© International Association for Cryptologic Research 2007

Authors and Affiliations

  1. 1.Stanford UniversityStanfordUSA
  2. 2.Voltage Security Inc.Palo AltoUSA