
Designs, Codes and Cryptography, Volume 77, Issue 1, pp. 61–98

Verifiably encrypted signatures with short keys based on the decisional linear problem and obfuscation for encrypted VES

  • Ryo Nishimaki
  • Keita Xagawa

Abstract

Verifiably encrypted signatures (VES) are signatures encrypted under the public key of a trusted third party, whose validity can be verified without decryption. VES have useful applications such as online contract signing and optimistic fair exchange. We propose a VES scheme that is secure under the decisional linear (DLIN) assumption in the standard model. We also propose new obfuscators for encrypted signatures (ES) and encrypted VES (EVES) that are secure under the DLIN assumption. All previous VES schemes in the standard model are either secure under standard assumptions (such as the computational Diffie–Hellman assumption) but with large verification (or secret) keys, or secure under non-standard dynamic \(q\)-type assumptions (such as the \(q\)-strong Diffie–Hellman extraction assumption) with short verification keys. Our scheme is the first VES scheme with short verification (and secret) keys that is secure under the DLIN assumption, a standard assumption. We construct new obfuscators for ES/EVES as byproducts of our new VES scheme. They are more efficient than previous obfuscators with respect to public key size. Previous obfuscators for EVES are secure under a non-standard assumption and use zero-knowledge (ZK) proof systems with the Fiat–Shamir heuristic to obtain non-interactive ZK, i.e., their security is considered in the random oracle model. Thus, our scheme also has an advantage with respect to assumptions and the security model. Our new obfuscator for ES is obtained from our new obfuscator for EVES.

Keywords

Verifiably encrypted signature, Obfuscation, Encrypted verifiably encrypted signature, Decisional linear assumption

Mathematics Subject Classification

94A60 Cryptography 

Acknowledgments

The authors would like to thank Mehdi Tibouchi for his useful comments on encodings between \(\mathbb {Z}_p\) and \(\mathbb {G}\). The authors would like to thank the anonymous reviewers of PKC 2012, 2013, and Designs, Codes and Cryptography for their useful comments and suggestions.


Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

Tokyo, Japan
