Short Signatures from the Weil Pairing

  • Dan Boneh
  • Ben Lynn
  • Hovav Shacham
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2248)


We introduce a short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyper-elliptic curves. The signature length is half the size of a DSA signature for a similar level of security. Our short signature scheme is designed for systems where signatures are typed in by a human or signatures are sent over a low-bandwidth channel.


Hash Function Elliptic Curve Signature Scheme Elliptic Curf Random Oracle 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    ANSI X9.62 and FIPS 186-2. Elliptic Curve Digital Signature Algorithm, 1998.Google Scholar
  2. 2.
    R. Balasubramanian and N. Koblitz. The Improbability That an Elliptic Curve Has Subexponential Discrete Log Problem under the Menezes-Okamoto-Vanstone Algorithm. Journal of Cryptology, 11(2):141–145, 1998.zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    M. Bellare and P. Rogaway. The Exact Security of Digital Signatures: How to Sign with RSA and Rabin. In U. Maurer, editor, Proceedings of Eurocrypt’ 96, volume 1070 of LNCS, pages 399–416. Springer-Verlag, 1996.Google Scholar
  4. 4.
    D. Boneh and M. Franklin. Identity-Based Encryption from the Weil Pairing. In J. Kilian, editor, Proceedings of Crypto’ 2001, volume 2139 of LNCS, pages 213–229. Springer-Verlag, 2001.Google Scholar
  5. 5.
    D. Chaum and T. Pederson. Wallet Databases with Observers. In E. Brickell, editor, Proceedings of Crypto’ 92, volume 740 of LNCS, pages 89–105. Springer-Verlag, 1992.Google Scholar
  6. 6.
    J.-S. Coron. On the Exact Security of Full Domain Hash. In M. Bellare, editor, Proceedings of Crypto’ 2000, volume 1880 of LNCS, pages 229–235. Springer-Verlag, 2000.Google Scholar
  7. 7.
    G. Frey, M. Muller, and H. Ruck. The Tate Pairing and the Discrete Logarithm Applied to Elliptic Curve Cryptosystems. IEEE Tran. on Info. Th., 45(5):1717–1719, 1999.zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    S. Galbraith. Supersingular curves in cryptography. In Proceedings of Asiacrypt’ 2001, LNCS. Springer-Verlag, 2001.Google Scholar
  9. 9.
    S. Galbraith and N. P. Smart. A Cryptographic Application of Weil Descent. In M. Walker, editor, Cryptology and Coding, volume 1746 of LNCS, pages 191–200. Springer-Verlag, 1999.CrossRefGoogle Scholar
  10. 10.
    P. Gaudry, F. Hess, and N. P. Smart. Constructive and Destructive Facets of Weil Descent on Elliptic Curves. Technical Report CSTR-00-016, Department of Computer Science, University of Bristol, 2000.Google Scholar
  11. 11.
    A. Joux. A One Round Protocol for Tripartite Diffie-Hellman. In W. Bosma, editor, Proceedings of ANTS IV, volume 1838 of LNCS, pages 385–394. Springer-Verlag, 2000.Google Scholar
  12. 12.
    A. Joux and K. Nguyen. Separating Decision Diffie-Hellman from Diffie-Hellman in Cryptographic Groups. Cryptology ePrint Archive, Report 2001/003, 2001.
  13. 13.
    N. Koblitz. An Elliptic Curve Implementation of the Finite Field Digital Signature Algorithm. In H. Krawczyk, editor, Proceedings of Crypto’ 98, volume 1462 of LNCS, pages 327–333. Springer-Verlag, 1998.Google Scholar
  14. 14.
    S. Lang. Elliptic Functions. Addison-Wesley, Reading, MA, 1973.zbMATHGoogle Scholar
  15. 15.
    A. Menezes, T. Okamoto, and P. Vanstone. Reducing Elliptic Curve Logarithms to Logarithms in a Finite Field. IEEE Transactions on Information Theory, 39(5):1639–1646, 1993.zbMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    A. J. Menezes, P. C. Van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.Google Scholar
  17. 17.
    V. Miller. Short Programs for Functions on Curves. unpublished manuscript, 1986.Google Scholar
  18. 18.
    I. Mironov. A Short Signature as Secure as DSA. Preprint, 2001.Google Scholar
  19. 19.
    D. Naccache and J. Stern. Signing on a Postcard. In Proceedings of Financial Cryptography’ 00, 2000.Google Scholar
  20. 20.
    T. Okamoto and D. Pointcheval. The Gap Problems: A New Class of Problems for the Security of Cryptographic Primitives. In K. Kim, editor, Public Key Cryptography, PKC 2001, volume 1992 of LNCS, pages 104–118. Springer-Verlag, 2001.Google Scholar
  21. 21.
    L. Pintsov and S. Vanstone. Postal Revenue Collection in the Digital Age. In Proceedings of Financial Cryptography’ 00, 2000.Google Scholar
  22. 22.
    J. H. Silverman. The Arithmetic of Elliptic Curves, volume 106 of Graduate Texts in Mathematics. Springer-Verlag, 1986.Google Scholar
  23. 23.
    W. C. Waterhouse. Abelian Varieties over Finite Fields. Ann. Sci. École Norm. Sup., 2:521–60, 1969.zbMATHMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Dan Boneh
    • 1
  • Ben Lynn
    • 1
  • Hovav Shacham
    • 1
  1. 1.Computer Science DepartmentStanford UniversityUSA

Personalised recommendations