
A Family of FDH Signature Schemes Based on the Quadratic Residuosity Assumption

  • Giuseppe Ateniese
  • Katharina Fech
  • Bernardo Magri
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11356)

Abstract

Signature schemes are arguably the most crucial cryptographic primitive, and devising tight security proofs for signature schemes is an important endeavour, as it immediately impacts the feasibility of deployment in real-world applications. Hash-then-sign signature schemes in the Random Oracle Model, such as RSA-FDH and the Rabin-Williams variants, are among the fastest schemes to date, but unfortunately they do not enjoy tight security proofs based on the one-wayness of their trapdoor function; instead, all known tight proofs rely on variants of the (non-standard) \(\varPhi \)-Hiding assumption. As our main contribution, we introduce a family of hash-then-sign signature schemes, inspired by a lossy trapdoor function from Freeman et al. (JoC '13), that is tightly secure under the Quadratic Residuosity assumption. Our first scheme has the property of having unique signatures, while the second scheme is deterministic with an extremely fast signature verification, requiring at most 3 modular multiplications.
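As an added illustration (not code from the paper), the following Python makes the Quadratic Residuosity assumption that the schemes rest on concrete, using toy constructed parameters p = 7 and q = 11: the Jacobi symbol is computable from N alone, but sorting the Jacobi-(+1) elements into squares and pseudo-squares requires the factorization, which is the trapdoor.

```python
from math import gcd

# Added example, not from the paper: the Quadratic Residuosity (QR) assumption
# made concrete with a toy constructed modulus N = 7 * 11 (far too small to be
# secure; real parameters are thousands of bits).

def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0, computed without factoring n
    (the only information that is public in a QR-based scheme)."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n
    result = 1
    while a != 0:
        while a % 2 == 0:            # remove factors of 2 via (2/n) = (-1)^((n^2-1)/8)
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                  # quadratic reciprocity
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0   # 0 when gcd(a, n) > 1

def is_square_with_trapdoor(x: int, p: int, q: int) -> bool:
    """With the factorization p, q of N (the trapdoor), residuosity is decided
    by Euler's criterion modulo each prime factor."""
    return pow(x, (p - 1) // 2, p) == 1 and pow(x, (q - 1) // 2, q) == 1

def split_jacobi_plus_one(p: int, q: int):
    """Partition the elements of Z_N^* with Jacobi symbol +1 into true squares
    and pseudo-squares. The QR assumption says that, given only N, the two
    sets are computationally indistinguishable; with p and q they are not."""
    n = p * q
    squares, pseudo_squares = [], []
    for x in range(1, n):
        if gcd(x, n) != 1 or jacobi(x, n) != 1:
            continue
        if is_square_with_trapdoor(x, p, q):
            squares.append(x)
        else:
            pseudo_squares.append(x)
    return squares, pseudo_squares

if __name__ == "__main__":
    sq, psq = split_jacobi_plus_one(7, 11)
    print(f"N = 77: {len(sq)} squares, {len(psq)} pseudo-squares with Jacobi +1")
    print("-1 mod 77 = 76 is a pseudo-square:", 76 in psq)
```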

Keywords

Digital signatures · Full domain hash · Tight security proof · Quadratic residuosity · Lossy trapdoor function

References

  1. Ateniese, G., Magri, B., Venturi, D.: Subversion-resilient signature schemes. In: Ray, I., Li, N., Kruegel, C. (eds.) 22nd Conference on Computer and Communications Security – ACM CCS 2015, pp. 364–375. ACM Press (2015)
  2. Bader, C., Jager, T., Li, Y., Schäge, S.: On the impossibility of tight cryptographic reductions. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 273–304. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_10
  3. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Ashby, V. (ed.) ACM CCS 93: 1st Conference on Computer and Communications Security, pp. 62–73. ACM Press, November 1993
  4. Bellare, M., Rogaway, P.: The exact security of digital signatures: how to sign with RSA and Rabin. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_34
  5. Bernstein, D.J.: Proving tight security for Rabin-Williams signatures. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 70–87. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_5
  6. Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_4
  7. Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. J. Cryptol. 17(4), 297–319 (2004)
  8. Boneh, D., Shen, E., Waters, B.: Strongly unforgeable signatures based on computational Diffie-Hellman. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 229–240. Springer, Heidelberg (2006). https://doi.org/10.1007/11745853_15
  9. Cachin, C., Micali, S., Stadler, M.: Computationally private information retrieval with polylogarithmic communication. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 402–414. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_28
  10. Chevallier-Mames, B., Joye, M.: A practical and tightly secure signature scheme without hash function. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 339–356. Springer, Heidelberg (2006). https://doi.org/10.1007/11967668_22
  11. Coron, J.-S.: On the exact security of full domain hash. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 229–235. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44598-6_14
  12. Coron, J.-S.: Optimal security proofs for PSS and other signature schemes. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 272–287. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_18
  13. Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)
  14. ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31, 469–472 (1985)
  15. Freeman, D.M., Goldreich, O., Kiltz, E., Rosen, A., Segev, G.: More constructions of lossy and correlation-secure trapdoor functions. J. Cryptol. 26(1), 39–74 (2013)
  16. Gennaro, R., Halevi, S., Rabin, T.: Secure hash-and-sign signatures without the random oracle. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 123–139. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_9
  17. Granboulan, L.: How to repair ESIGN. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 234–240. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36413-7_17
  18. Guo, F., Chen, R., Susilo, W., Lai, J., Yang, G., Mu, Y.: Optimal security reductions for unique signatures: bypassing impossibilities with a counterexample. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 517–547. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_18
  19. Herrmann, M.: Improved cryptanalysis of the multi-prime \(\varPhi \)-hiding assumption. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 92–99. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21969-6_6
  20. Kakvi, S.A., Kiltz, E.: Optimal security proofs for full domain hash, revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 537–553. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_32
  21. Kakvi, S.A., Kiltz, E.: Optimal security proofs for full domain hash, revisited. J. Cryptol. 31(1), 276–306 (2018)
  22. Katz, J., Wang, N.: Efficiency improvements for signature schemes with tight security reductions. In: Sushil, J., Vijayalakshmi, A., Trent, J. (eds.) ACM CCS 03: 10th Conference on Computer and Communications Security – ACM CCS 2003, pp. 155–164. ACM Press, October 2003
  23. Leurent, G., Nguyen, P.Q.: How risky is the random-oracle model? In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 445–464. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_26
  24. Eikenberry, S.M., Sorenson, J.P.: Efficient algorithms for computing the Jacobi symbol. J. Symb. Comput. 26, 509–523 (1998)
  25. Mironov, I., Stephens-Davidowitz, N.: Cryptographic reverse firewalls. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 657–686. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_22
  26. Ristenpart, T., Yilek, S.: When good randomness goes bad: virtual machine reset vulnerabilities and hedging deployed cryptography. In: ISOC Network and Distributed System Security Symposium – NDSS 2010. The Internet Society, February/March 2010
  27. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signature and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
  28. Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_22
  29. Schridde, C., Freisleben, B.: On the validity of the phi-hiding assumption in cryptographic protocols. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 344–354. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89255-7_21
  30. Seurin, Y.: On the lossiness of the Rabin trapdoor function. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 380–398. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54631-0_22
  31. Shacham, H.: Short unique signatures from RSA with a tight security reduction (in the random oracle model). In: 22nd Financial Cryptography and Data Security (2018)
  32. Shallit, J., Sorenson, J.: A binary algorithm for the Jacobi symbol. ACM SIGSAM Bull. 27, 4–11 (1993)
  33. Shoup, V.: A Computational Introduction to Number Theory and Algebra. Cambridge University Press, New York (2009)
  34. Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_7

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Giuseppe Ateniese (1)
  • Katharina Fech (2)
  • Bernardo Magri (2)
  1. Stevens Institute of Technology, Hoboken, USA
  2. Friedrich-Alexander-Universität Erlangen-Nürnberg, Erlangen, Germany
