Structure-Preserving Signatures and Commitments to Group Elements

  • Masayuki Abe
  • Georg Fuchsbauer
  • Jens Groth
  • Kristiyan Haralambiev
  • Miyako Ohkubo
Conference paper

DOI: 10.1007/978-3-642-14623-7_12

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6223)
Cite this paper as:
Abe M., Fuchsbauer G., Groth J., Haralambiev K., Ohkubo M. (2010) Structure-Preserving Signatures and Commitments to Group Elements. In: Rabin T. (eds) Advances in Cryptology – CRYPTO 2010. CRYPTO 2010. Lecture Notes in Computer Science, vol 6223. Springer, Berlin, Heidelberg


A modular approach for cryptographic protocols leads to a simple design but often inefficient constructions. On the other hand, ad hoc constructions may yield efficient protocols at the cost of losing conceptual simplicity. We suggest structure-preserving commitments and signatures to overcome this dilemma and provide a way to construct modular protocols with reasonable efficiency, while retaining conceptual simplicity.

We focus on schemes in bilinear groups that preserve parts of the group structure, which makes it easy to combine them with other primitives such as non-interactive zero-knowledge proofs for bilinear groups.

We say that a signature scheme is structure-preserving if its verification keys, signatures, and messages are elements in a bilinear group, and the verification equation is a conjunction of pairing-product equations. If moreover the verification keys lie in the message space, we call them automorphic. We present several efficient instantiations of automorphic and structure-preserving signatures, enjoying various other additional properties, such as simulatability. Among many applications, we give three examples: adaptively secure round-optimal blind signature schemes, a group signature scheme with efficient concurrent join, and an efficient instantiation of anonymous proxy signatures.

A further contribution is homomorphic trapdoor commitments to group elements which are also length reducing. In contrast, the messages of previous homomorphic trapdoor commitment schemes are exponents.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Masayuki Abe
    • 1
  • Georg Fuchsbauer
    • 2
  • Jens Groth
    • 3
  • Kristiyan Haralambiev
    • 4
  • Miyako Ohkubo
    • 5
  1. 1.Information Sharing Platform Laboratories, NTT CorporationJapan
  2. 2.École normale supérieure, CNRS - INRIA, ParisFrance
  3. 3.University College LondonUK
  4. 4.Computer Science DepartmentNew York UniversityUSA
  5. 5.National Institute of Information and Communications TechnologyJapan

Personalised recommendations