Strongly Unforgeable Signatures Based on Computational Diffie-Hellman

  • Dan Boneh
  • Emily Shen
  • Brent Waters
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3958)

Abstract

A signature system is said to be strongly unforgeable if the signature is existentially unforgeable and, given signatures on some message m, the adversary cannot produce a new signature on m. Strongly unforgeable signatures are used for constructing chosen-ciphertext secure systems and group signatures. Current efficient constructions in the standard model (i.e. without random oracles) depend on relatively strong assumptions such as Strong-RSA or Strong-Diffie-Hellman. We construct an efficient strongly unforgeable signature system based on the standard Computational Diffie-Hellman problem in bilinear groups.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Dan Boneh (1)
  • Emily Shen (1)
  • Brent Waters (2)
  1. Computer Science Department, Stanford University, Stanford
  2. SRI International, Palo Alto
