Advances in Cryptology – ASIACRYPT 2011

Volume 7073 of the series Lecture Notes in Computer Science pp 628-646

Separating Short Structure-Preserving Signatures from Non-interactive Assumptions

  • Masayuki AbeAffiliated withNTT Information Sharing Platform Laboratories, NTT Corporation
  • , Jens GrothAffiliated withUniversity College London
  • , Miyako OhkuboAffiliated withSecurity Architecture Laboratory, NSRI, NICT


Structure-preserving signatures are signatures whose public keys, messages, and signatures are all group elements in bilinear groups, and the verification is done by evaluating pairing product equations. It is known that any structure-preserving signature in the asymmetric bilinear group setting must include at least 3 group elements per signature and a matching construction exists.

In this paper, we prove that optimally short structure preserving signatures cannot have a security proof by an algebraic reduction that reduces existential unforgeability against adaptive chosen message attacks to any non-interactive assumptions. Towards this end, we present a handy characterization of signature schemes that implies the separation.


Structure-Preserving Signatures Algebraic Reduction Meta-Reduction