Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups
- First Online:
- Cite this article as:
- Boneh, D. & Boyen, X. J Cryptol (2008) 21: 149. doi:10.1007/s00145-007-9005-7
- 542 Downloads
We describe a short signature scheme that is strongly existentially unforgeable under an adaptive chosen message attack in the standard security model. Our construction works in groups equipped with an efficient bilinear map, or, more generally, an algorithm for the Decision Diffie-Hellman problem. The security of our scheme depends on a new intractability assumption we call Strong Diffie-Hellman (SDH), by analogy to the Strong RSA assumption with which it shares many properties. Signature generation in our system is fast and the resulting signatures are as short as DSA signatures for comparable security. We give a tight reduction proving that our scheme is secure in any group in which the SDH assumption holds, without relying on the random oracle model.