Chapter

Public-Key Cryptography – PKC 2013

Volume 7778 of the series Lecture Notes in Computer Science pp 312-331

Tagged One-Time Signatures: Tight Security and Optimal Tag Size

  • Masayuki AbeAffiliated withNTT Secure Platform Laboratories
  • , Bernardo DavidAffiliated withUniversity of Brasilia
  • , Markulf KohlweissAffiliated withMicrosoft Research
  • , Ryo NishimakiAffiliated withNTT Secure Platform Laboratories
  • , Miyako OhkuboAffiliated withSecurity Architecture Laboratory, NSRI, NICT

* Final gross prices may vary according to local VAT.

Get Access

Abstract

We present an efficient structure-preserving tagged one-time signature scheme with tight security reductions to the decision-linear assumption. Our scheme features short tags consisting of a single group element and gives rise to the currently most efficient structure-preserving signature scheme based on the decision-liner assumption with constant-size signatures of only 14 group elements, where the record-so-far was 17 elements.

To demonstrate the advantages of our scheme, we revisit the work by Hofheinz and Jager (CRYPTO 2012) and present the currently most efficient tightly secure public-key encryption scheme. We also obtain the first structure-preserving public-key encryption scheme featuring both tight security and public verifiability.

Keywords

Tagged One-Time Signatures Structure-Preserving Signatures Tight Security Reduction Decision Linear Assumption