International Conference on the Theory and Application of Cryptology and Information Security

ASIACRYPT 2010: Advances in Cryptology - ASIACRYPT 2010 pp 519-538

Limitations on Transformations from Composite-Order to Prime-Order Groups: The Case of Round-Optimal Blind Signatures

  • Sarah Meiklejohn
  • Hovav Shacham
  • David Mandell Freeman
Conference paper

DOI: 10.1007/978-3-642-17373-8_30

Volume 6477 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Meiklejohn S., Shacham H., Freeman D.M. (2010) Limitations on Transformations from Composite-Order to Prime-Order Groups: The Case of Round-Optimal Blind Signatures. In: Abe M. (eds) Advances in Cryptology - ASIACRYPT 2010. ASIACRYPT 2010. Lecture Notes in Computer Science, vol 6477. Springer, Berlin, Heidelberg

Abstract

Beginning with the work of Groth and Sahai, there has been much interest in transforming pairing-based schemes in composite-order groups to equivalent ones in prime-order groups. A method for achieving such transformations has recently been proposed by Freeman, who identified two properties of pairings using composite-order groups—“cancelling” and “projecting”—on which many schemes rely, and showed how either of these properties can be obtained using prime-order groups.

In this paper, we give evidence for the existence of limits to such transformations. Specifically, we show that a pairing generated in a natural way from the Decision Linear assumption in prime-order groups can be simultaneously cancelling and projecting only with negligible probability.

As evidence that these properties can be helpful together as well as individually, we present a cryptosystem whose proof of security makes use of a pairing that is both cancelling and projecting. Our example cryptosystem is a simple round-optimal blind signature scheme that is secure in the common reference string model, without random oracles, and based on mild assumptions; it is of independent interest.

Download to read the full conference paper text

Copyright information

© International Association for Cryptologic Research 2010

Authors and Affiliations

  • Sarah Meiklejohn
    • 1
  • Hovav Shacham
    • 1
  • David Mandell Freeman
    • 2
  1. 1.University of CaliforniaSan Diego, La JollaUSA
  2. 2.Stanford UniversityStanfordUSA