Journal of Cryptology, Volume 29, Issue 4, pp 833–878

Constant-Size Structure-Preserving Signatures: Generic Constructions and Simple Assumptions

  • Masayuki Abe
  • Melissa Chase
  • Bernardo David
  • Markulf Kohlweiss
  • Ryo Nishimaki
  • Miyako Ohkubo


This paper presents efficient structure-preserving signature schemes based on simple assumptions such as decisional linear. We first give two general frameworks for constructing fully secure signature schemes from weaker building blocks such as variations of one-time signatures and random message secure signatures. They can be seen as refinements of the Even–Goldreich–Micali framework, and preserve many desirable properties of the underlying schemes such as constant signature size and structure preservation. We then instantiate them based on simple (i.e., not q-type) assumptions over symmetric and asymmetric bilinear groups. The resulting schemes are structure-preserving and yield constant-size signatures consisting of 11–14 group elements, which compares favorably to existing schemes whose security relies on q-type assumptions.


  • Structure-preserving signatures
  • Tagged one-time signatures
  • Partially one-time signatures
  • Extended random message attacks



Copyright information

© International Association for Cryptologic Research 2015

Authors and Affiliations

  • Masayuki Abe (1)
  • Melissa Chase (2)
  • Bernardo David (3)
  • Markulf Kohlweiss (4)
  • Ryo Nishimaki (1)
  • Miyako Ohkubo (5)

  1. NTT Secure Platform Laboratories, NTT Corporation, Tokyo, Japan
  2. Microsoft Research, Redmond, USA
  3. Aarhus University, Aarhus, Denmark
  4. Microsoft Research, Cambridge, UK
  5. Security Fundamentals Laboratory, NSRI, NICT, Tokyo, Japan
