Efficient Blind and Partially Blind Signatures Without Random Oracles

  • Tatsuaki Okamoto
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3876)


This paper proposes a new efficient signature scheme from bilinear maps that is secure in the standard model (i.e., without the random oracle model). Our signature scheme is more effective in many applications (e.g., blind signatures, group signatures, anonymous credentials etc.) than the existing secure signature schemes in the standard model such as the Boneh-Boyen [6], Camenisch-Lysyanskaya [10], Cramer-Shoup [15] and Waters [33] schemes (and their variants). The security proof of our scheme requires a slightly stronger assumption, the 2SDH assumption, than the SDH assumption used by Boneh-Boyen. As typical applications of our signature scheme, this paper presents efficient blind signatures and partially blind signatures that are secure in the standard model. Here, partially blind signatures are a generalization of blind signatures (i.e., blind signatures are a special case of partially blind signatures) and have many applications including electronic cash and voting. Our blind signature scheme is much more efficient than the existing secure blind signature schemes in the standard model such as the Camenisch-Koprowski-Warinsch [8] and Juels-Luby-Ostrovsky [22] schemes, and is also almost as efficient as the most efficient blind signature schemes whose security has been analyzed heuristically or in the random oracle model. Our partially blind signature scheme is the first one that is secure in the standard model and it is very efficient (almost as efficient as our blind signatures). We also present a blind signature scheme based on the Waters signature scheme.


Signature Scheme Random Oracle Blind Signature Random Oracle Model Blind Signature Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Abe, M.: A Secure Three-Move Blind Signature Scheme for Polynomially Many Signatures. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 136–151. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Abe, M., Fujisaki, E.: How to Date Blind Signatures. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 244–251. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  3. 3.
    Abe, M., Okamoto, T.: Provably Secure Partially Blind Signatures. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 271–286. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. 4.
    Bellare, M., Namprempre, C., Pointcheval, D., Semanko, M.: The power of RSA inversion oracles and the security of Chaum’s RSA-based blind signature scheme. In: Syverson, P.F. (ed.) FC 2001. LNCS, vol. 2339, p. 309. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Boldyreva, A.: Threshold Signature, Multisignature and Blind Signature Schemes Based on the Gap-Diffie-Hellman-Group Signature Scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Boneh, D., Boyen, X.: Short Signatures Without Random Oracles. In: Franklin, M. (ed.) CRYPTO 2004, 3152th edn. LNCS. Springer, Heidelberg (2004)Google Scholar
  7. 7.
    Boneh, D., Lynn, B., Shacham, H.: Short Signatures from the Weil Pairing. In: Boyd, C. (ed.) ASIACRYPT 2001, vol. 2248, p. 514. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Camenisch, J., Koprowski, M., Warinschi, B.: Efficient Blind Signatures without Random Oracles. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 134–148. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Camenisch, J., Lysyanskaya, A.: Efficient non-transferable anonymous multishow credential system with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Camenisch, J., Shoup, V.: Practical verifiable encryption and decryption of discrete logarithms. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 126–144. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Camenisch, J., Lysyanskaya, A.: Signature Schemes and Anonymous Credentials from Bilinear Maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  13. 13.
    Chaum, D.: Blind signatures for untraceable payments. In: Crypto 1982, pp. 199–203. Plenum Press (1983)Google Scholar
  14. 14.
    Chow, S., Hui, L., Yiu, S., Chow, K.: Two Improved Partially Blind Signature Schemes from Bilinear Pairings. In: IACR Cryptology ePrint Archive, 2004/108 (2004)Google Scholar
  15. 15.
    Cramer, R., Shoup, V.: Signature schemes based on the strong RSA assumption. In: 6th ACM CCS, pp. 46–52. ACM press, New York (1999)Google Scholar
  16. 16.
    Damgård, I.: Efficient Concurrent Zero-Knowledge in the Auxiliary String Model. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 418–430. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  17. 17.
    Diffie, W., Hellma, M.E.: New directions in cryptography. IEEE Trans. on Information Theory IT-22(6), 644–654 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Fiat, A., Shamir, A.: How to prove yourself: Practical solution to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)CrossRefGoogle Scholar
  19. 19.
    Fischlin, M.: The cramer-shoup strong-rSASignature scheme revisited. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 116–129. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  20. 20.
    Gennaro, R., Halevi, S., Rabin, T.: Secure hash-and-sign signatures without the random oracle. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 123–139. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  21. 21.
    Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing 17(2), 281–308 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  22. 22.
    Juels, A., Luby, M., Ostrovsky, R.: Security of blind digital signatures. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 150–164. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  23. 23.
    Kiayias, A., Zhou, H.: Two-Round Concurrent Blind Signatures without Random Oracles, IACR Cryptology ePrint Archive, 2005/435 (2005)Google Scholar
  24. 24.
    Makita, T., Manabe, Y., Okamoto, T.: Short Group Signatures with Efficient Flexible Join (manuscript, 2005)Google Scholar
  25. 25.
    Mitsunari, S., Sakai, R., Kasahara, M.: A New Traitor Tracing. IEICE Trans. E-85-A(2), 481–484 (2002)Google Scholar
  26. 26.
    Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: 21st STOC, pp. 33–43. ACM, New York (1989)Google Scholar
  27. 27.
    Pointcheval, D.: Strengthened security for blind signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 391–405. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  28. 28.
    Pointcheval, D., Stern, J.: Provably secure blind signature schemes. In: ASIACRYPT 1996. LNCS. Springer, Heidelberg (1996)Google Scholar
  29. 29.
    Pointcheval, D., Stern, J.: New blind signatures equivalent to factorization. In: ACM CCS, pp. 92–99. ACM Press, New York (1997)Google Scholar
  30. 30.
    Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. Journal of Cryptology 13(3), 361–396 (2000) (Springer-Verlag)CrossRefzbMATHGoogle Scholar
  31. 31.
    Schnorr, C.P.: Security of Blind Discrete Log Signatures against Interactive Attacks. In: Qing, S., Okamoto, T., Zhou, J. (eds.) ICICS 2001. LNCS, vol. 2229, pp. 1–12. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  32. 32.
    Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: STOC, pp. 387–394. ACM, New York (1990)Google Scholar
  33. 33.
    Waters, B.: Efficient Identity-Based Encryption Without Random Oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  34. 34.
    Zhang, F., Safavi-Naini, R., Susilo, W.: Efficient Verifiably Encrypted Signature and Partially Blind Signature from Bilinear Pairings. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 191–204. Springer, Heidelberg (2003); Revised version available at, CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Tatsuaki Okamoto
    • 1
  1. 1.NTT Laboratories, Nippon Telegraph and Telephone CorporationJapan

Personalised recommendations