Unique Signatures and Verifiable Random Functions from the DH-DDH Separation
A unique signature scheme has the property that a signature σ_PK(m) is a (hard-to-compute) function of the public key PK and message m, for all, even adversarially chosen, PK. Unique signatures, introduced by Goldwasser and Ostrovsky, have been shown to be a building block for constructing verifiable random functions. Another useful property of unique signatures is that they are stateless: the signer does not need to update his secret key after an invocation.
The only previously known construction of a unique signature in the plain model was based on the RSA assumption. The only other previously known provably secure constructions of stateless signatures were based on the Strong RSA assumption. Here, we give a construction of a unique signature scheme based on a generalization of the Diffie-Hellman assumption in groups where decisional Diffie-Hellman is easy. Several recent results suggest the plausibility of such groups.
We also give a few related constructions of verifiable random functions (VRFs). VRFs, introduced by Micali, Rabin, and Vadhan, are objects that combine the properties of pseudorandom functions (i.e. indistinguishability from random even after querying) with the verifiability property. Prior to our work, VRFs were only known to exist under the RSA assumption.
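As an added illustration (not the paper's DH-based construction), the following toy shows the two properties the abstract defines, using the RSA-style approach it names as prior work: the signature is a deterministic, stateless function of (PK, m) and exactly one value verifies for each (PK, m), and a VRF is obtained by hashing that unique signature and using it as the proof. The modulus, exponent and hash truncation are constructed for illustration and are far too small to be secure.

```python
import hashlib
from math import gcd

# Constructed toy RSA parameters: N = 61 * 53, public exponent E.
N, E = 3233, 17
PHI = 60 * 52
D = pow(E, -1, PHI)        # private exponent, E*D = 1 (mod phi(N))


def h(m: bytes) -> int:
    """Deterministic hash of m into Z_N^* (toy domain; real FDH needs a full-domain hash)."""
    x = int.from_bytes(hashlib.sha256(m).digest(), "big") % N
    while gcd(x, N) != 1:   # skip the few non-invertible residues (and 0)
        x = (x + 1) % N
    return x


def sign(m: bytes) -> int:
    # Stateless: depends only on the secret key and m, no counter or randomness.
    return pow(h(m), D, N)


def verify(pk, m: bytes, sigma: int) -> bool:
    n, e = pk
    return 0 < sigma < n and pow(sigma, e, n) == h(m)


def unique_signature_count(pk, m: bytes) -> int:
    """Brute-force over Z_N: how many candidate values verify for (pk, m).
    Because x -> x^E is a permutation of Z_N, the answer is exactly 1."""
    return sum(verify(pk, m, s) for s in range(1, pk[0]))


def vrf_eval(m: bytes):
    """VRF output and proof: the proof is the unique signature, the output its hash."""
    proof = sign(m)
    return hashlib.sha256(proof.to_bytes(2, "big")).hexdigest(), proof


def vrf_verify(pk, m: bytes, out: str, proof: int) -> bool:
    # Verifiability: anyone holding pk checks the proof, then recomputes the output.
    if not verify(pk, m, proof):
        return False
    return out == hashlib.sha256(proof.to_bytes(2, "big")).hexdigest()
```

The brute-force count is what "unique" means operationally: a verifier accepts one and only one σ for a given public key and message, so a signer cannot produce two different valid signatures and a VRF output cannot be equivocated.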
Keywords: unique signatures; verifiable random functions; application of groups with DH-DDH separation
- BF01. Dan Boneh and Matthew Franklin. Identity-based encryption from the Weil pairing. In Joe Kilian, editor, Advances in Cryptology - CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science, pages 213–229. Springer Verlag, 2001.
- BFM88. Manuel Blum, Paul Feldman, and Silvio Micali. Non-interactive zero-knowledge and its applications (extended abstract). In Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, pages 103–112, Chicago, Illinois, 2–4 May 1988.
- BLS01. Dan Boneh, Ben Lynn, and Hovav Shacham. Short signatures from the Weil pairing. In Colin Boyd, editor, Advances in Cryptology - ASIACRYPT 2001, volume 2248 of Lecture Notes in Computer Science, pages 514–532. Springer Verlag, 2001.
- BS02. Dan Boneh and Alice Silverberg. Applications of multilinear forms to cryptography. Manuscript obtained by personal communication, 2002.
- CS99. Ronald Cramer and Victor Shoup. Signature schemes based on the strong RSA assumption. In Proc. 6th ACM Conference on Computer and Communications Security, pages 46–52. ACM Press, Nov 1999.
- GHR99. Rosario Gennaro, Shai Halevi, and Tal Rabin. Secure hash-and-sign signatures without the random oracle. In Jacques Stern, editor, Advances in Cryptology - EUROCRYPT '99, volume 1592 of Lecture Notes in Computer Science, pages 123–139. Springer Verlag, 1999.
- GO92. Shafi Goldwasser and Rafail Ostrovsky. Invariant signatures and non-interactive zero-knowledge proofs are equivalent. In Ernest F. Brickell, editor, Advances in Cryptology - CRYPTO '92, volume 740 of Lecture Notes in Computer Science, pages 228–244. Springer-Verlag, 1992.
- JN01. Antoine Joux and Kim Nguyen. Separating decision Diffie-Hellman from Diffie-Hellman in cryptographic groups. Manuscript. Available from http://www.eprint.iacr.org, 2001.
- Jou00. Antoine Joux. A one-round protocol for tripartite Diffie-Hellman. In Proceedings of the ANTS-IV conference, volume 1838 of Lecture Notes in Computer Science, pages 385–394. Springer-Verlag, 2000.
- Mic. Silvio Micali. 6.875: Introduction to cryptography. MIT course taught in Fall 1997.
- MR01. Silvio Micali and Leonid Reyzin. Soundness in the public-key model. In Joe Kilian, editor, Advances in Cryptology - CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science, pages 542–565. Springer Verlag, 2001.
- MR02. Silvio Micali and Ronald L. Rivest. Micropayments revisited. In Bart Preneel, editor, Proceedings of the Cryptographer's Track at the RSA Conference, volume 2271 of Lecture Notes in Computer Science, pages 149–163. Springer Verlag, 2002.
- MRV99. Silvio Micali, Michael Rabin, and Salil Vadhan. Verifiable random functions. In Proc. 40th IEEE Symposium on Foundations of Computer Science (FOCS), pages 120–130. IEEE Computer Society Press, 1999.
- NR97. Moni Naor and Omer Reingold. Number-theoretic constructions of efficient pseudo-random functions. In Proc. 38th IEEE Symposium on Foundations of Computer Science (FOCS), 1997.
- Sha85. Adi Shamir. Identity-based cryptosystems and signature schemes. In George Robert Blakley and David Chaum, editors, Advances in Cryptology - CRYPTO '84, volume 196 of Lecture Notes in Computer Science, pages 47–53. Springer Verlag, 1985.
- Sud. Madhu Sudan. Algorithmic introduction to coding theory. MIT course taught in Fall 2001. Lecture notes available from http://www.theory.lcs.mit.edu/~madhu/FT01/.
- Ver01. Eric Verheul. Self-blindable credential certificates from the Weil pairing. In Colin Boyd, editor, Advances in Cryptology - ASIACRYPT 2001, volume 2248 of Lecture Notes in Computer Science, pages 533–551. Springer Verlag, 2001.