Improving Signature Schemes with Tight Security Reductions

  • Tiong-Sik Ng
  • Syh-Yuan Tan
  • Ji-Jian Chin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11879)


Abstract

In 2003, Katz and Wang proposed the claw-free trapdoor full domain hash (CFT-FDH), which achieves a tight security reduction for FDH signature schemes by means of the bit selector technique: a selector bit is hashed together with the message and carried in the signature. However, CFT-FDH is not backward compatible with the original FDH scheme, since hashing the selected bit with the message changes the structure of the signature, so an existing FDH verifier cannot check it. In this paper we take a step further and propose a general framework that achieves backward compatibility while retaining the tight reduction of FDH signatures, using the properties of trapdoor samplable relations together with the Katz-Wang bit selector technique.
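The technique the abstract describes, as an added Python example that is not code from the paper or its authors: plain RSA-FDH beside the Katz-Wang bit-selector variant, a check that a plain FDH verifier rejects a Katz-Wang signature (the backward-compatibility gap the abstract refers to), and a toy run of the random-oracle programming behind the tight reduction. The RSA instantiation, the key sizes, the SHAKE256-based domain hash, the function names and the cheating forger (which borrows the real secret exponent to stand in for an adversary) are assumptions made for this demonstration; the paper's own framework built on trapdoor samplable relations is not implemented here.

```python
"""RSA-FDH, the Katz-Wang bit-selector variant, and a toy run of its tight reduction.
Added illustration for this page, not code from the paper; key sizes, the SHAKE256
domain hash and the cheating "forger" (it borrows the real d) are demo assumptions."""
import hashlib
import secrets

def is_probable_prime(n, rounds=32):
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29)  # trial division, then Miller-Rabin
    if n < 2 or any(n % p == 0 for p in small):
        return n in small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits):
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top and low bit set
        if is_probable_prime(p):
            return p

def keygen(bits=2048, e=65537):  # textbook RSA: pk = (n, e), sk = (n, d); demo only
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def fdh(n, data):
    """Full-domain hash onto Z_n: SHAKE256 output 16 bytes longer than n, reduced mod n."""
    k = (n.bit_length() + 7) // 8 + 16
    return int.from_bytes(hashlib.shake_256(data).digest(k), "big") % n

# Plain RSA-FDH (Bellare-Rogaway): sigma = H(m)^d mod n.
def fdh_sign(sk, m):
    n, d = sk
    return pow(fdh(n, m), d, n)

def fdh_verify(pk, m, sigma):
    n, e = pk
    return pow(sigma, e, n) == fdh(n, m)

# Katz-Wang bit selector: sigma = (b, H(b || m)^d mod n); the verifier needs b.
def kw_sign(sk, m, b=None):
    n, d = sk
    b = secrets.randbits(1) if b is None else b  # Katz-Wang use a keyed PRF for b
    return b, pow(fdh(n, bytes([b]) + m), d, n)

def kw_verify(pk, m, sig):
    n, e = pk
    b, sigma = sig
    return b in (0, 1) and pow(sigma, e, n) == fdh(n, bytes([b]) + m)

class Simulator:
    """Random-oracle programming from the Katz-Wang proof; never holds d.
    For RSA challenge y = x^e it picks a secret bit c per message and sets
    H(c||m) = r^e (so it can sign m as (c, r)) and H(1-c||m) = r'^e * y (so a
    forgery (1-c, sigma) on a fresh m yields sigma / r' = y^d = x). The only
    loss is the 1/2 chance the forger uses bit c: hence the tight reduction."""
    def __init__(self, pk, y):
        self.n, self.e, self.y, self.table = pk[0], pk[1], y, {}

    def _program(self, m):
        if m not in self.table:
            rnd = lambda: secrets.randbelow(self.n - 1) + 1
            self.table[m] = (secrets.randbits(1), rnd(), rnd())  # (c, r, r')
        return self.table[m]

    def hash_query(self, b, m):
        c, r, rp = self._program(m)
        return pow(r, self.e, self.n) if b == c else pow(rp, self.e, self.n) * self.y % self.n

    def sign_query(self, m):
        c, r, _ = self._program(m)
        return c, r

    def extract(self, m, sig):
        c, _, rp = self._program(m)
        b, sigma = sig
        return None if b == c else sigma * pow(rp, -1, self.n) % self.n

def reduction_demo(pk, sk, queried, target):
    """(sign_query_valid, hits): hits[b] is True iff forging `target` with bit b revealed x."""
    n, d = sk
    x = secrets.randbelow(n - 1) + 1
    sim = Simulator(pk, pow(x, pk[1], n))
    c, r = sim.sign_query(queried)
    sign_ok = pow(r, pk[1], n) == sim.hash_query(c, queried)
    forge = lambda b: (b, pow(sim.hash_query(b, target), d, n))  # stands in for the adversary
    return sign_ok, tuple(sim.extract(target, forge(b)) == x for b in (0, 1))
```

Generate a key with keygen(), sign one message with both schemes and pass the Katz-Wang pair's second component to fdh_verify to see the rejection: the plain verifier compares against H(m), the Katz-Wang signature was computed over H(b || m). reduction_demo shows the other half of the story: the simulator answers a signing query without knowing d, and recovers the RSA challenge from a forgery on a fresh message for exactly one of the two possible selector bits, which is where the factor-2 loss (and nothing proportional to the number of signing queries) in the Katz-Wang reduction comes from.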


Keywords: Digital signatures, Tight security, Full domain hash, General framework



Acknowledgements

The authors would like to thank Thomas Groß for his helpful comments on an earlier version of this paper. The authors would also like to acknowledge the Fundamental Research Grant Scheme (FRGS/1/2019/ICT04/MMU/02/5) of the Ministry of Education of Malaysia for providing financial support for this work.


References

1. Abdalla, M., An, J.H., Bellare, M., Namprempre, C.: From identification to signatures via the Fiat-Shamir transform: minimizing assumptions for security and forward-security. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 418–433. Springer, Heidelberg (2002)
2. Agrawal, S., Boneh, D., Boyen, X.: Efficient lattice (H)IBE in the standard model. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 553–572. Springer, Heidelberg (2010)
3. An, J.H., Dodis, Y., Rabin, T.: On the security of joint signature and encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 83–107. Springer, Heidelberg (2002)
4. Bao, F., Deng, R.H., Zhu, H.F.: Variations of Diffie-Hellman problem. In: Qing, S., Gollmann, D., Zhou, J. (eds.) ICICS 2003. LNCS, vol. 2836, pp. 301–312. Springer, Heidelberg (2003)
5. Bresson, E., Lakhnech, Y., Mazaré, L., Warinschi, B.: A generalization of DDH with applications to protocol analysis and computational soundness. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 482–499. Springer, Heidelberg (2007)
6. Beth, T.: Efficient zero-knowledge identification scheme for smart cards. In: Barstow, D., et al. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 77–84. Springer, Heidelberg (1988)
7. Boneh, D., Franklin, M.K.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)
8. Bellare, M., Fischlin, M., Goldwasser, S., Micali, S.: Identification protocols secure against reset attacks. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 495–511. Springer, Heidelberg (2001)
9. Boyen, X., Li, Q.: Towards tightly secure short signature and IBE. IACR Cryptology ePrint Archive, Report 2016/498 (2016)
10. Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)
11. Bellare, M., Namprempre, C., Neven, G.: Unrestricted aggregate signatures. In: Arge, L., Cachin, C., Jurdziński, T., Tarlecki, A. (eds.) ICALP 2007. LNCS, vol. 4596, pp. 411–422. Springer, Heidelberg (2007)
12. Bellare, M., Namprempre, C., Neven, G.: Security proofs for identity-based identification and signature schemes. J. Cryptol. 22(1), 1–61 (2009)
13. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security – ACM CCS 1993, pp. 62–73. ACM (1993)
14. Bellare, M., Rogaway, P.: The exact security of digital signatures – how to sign with RSA and Rabin. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996)
15. Cha, J.C., Cheon, J.H.: An identity-based signature from gap Diffie-Hellman groups. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 18–30. Springer, Heidelberg (2003)
16. Chaum, D.: Zero-knowledge undeniable signatures (extended abstract). In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 458–464. Springer, Heidelberg (1991)
17. Coron, J.-S.: On the exact security of full domain hash. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 229–235. Springer, Heidelberg (2000)
18. Coron, J.-S.: Optimal security proofs for PSS and other signature schemes. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 272–287. Springer, Heidelberg (2002)
19. Coron, J.-S.: A variant of Boneh-Franklin IBE with a tight reduction in the random oracle model. Des. Codes Cryptogr. 50(1), 115–133 (2009)
20. Cramer, R., Shoup, V.: Signature schemes based on the strong RSA assumption. ACM Trans. Inf. Syst. Secur. (TISSEC) 3(3), 161–185 (2000)
21. National Institute of Standards and Technology: FIPS PUB 186-4: Digital Signature Standard (DSS). Federal Information Processing Standards Publication (2013)
22. ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)
23. Guo, F., Chen, R., Susilo, W., Lai, J., Yang, G., Mu, Y.: Optimal security reductions for unique signatures: bypassing impossibilities with a counterexample. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 517–547. Springer, Cham (2017)
24. Goh, E.-J., Jarecki, S.: A signature scheme as secure as the Diffie-Hellman problem. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 401–415. Springer, Heidelberg (2003)
25. Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)
26. Guillou, L.C., Quisquater, J.-J.: A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory. In: Barstow, D., et al. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 123–128. Springer, Heidelberg (1988)
27. Huang, J., Huang, Q., Pan, C.: A black-box construction of strongly unforgeable signature schemes in the bounded leakage model. In: Chen, L., Han, J. (eds.) ProvSec 2016. LNCS, vol. 10005, pp. 320–339. Springer, Cham (2016)
28. Katz, J.: Full-domain hash (and related) signature schemes. In: Katz, J.: Digital Signatures, pp. 143–153. Springer, Boston (2010)
29. Koblitz, N., Menezes, A.J.: The random oracle model: a twenty-year retrospective. Des. Codes Cryptogr. 77(2–3), 587–610 (2015)
30. Kiltz, E., Masny, D., Pan, J.: Optimal security proofs for signatures from identification schemes. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 33–61. Springer, Heidelberg (2016)
31. Katz, J., Wang, N.: Efficiency improvements for signature schemes with tight security reductions. In: Proceedings of the 10th ACM Conference on Computer and Communications Security – ACM CCS 2003, pp. 155–164. ACM (2003)
32. Lacharité, M.-S.: Security of BLS and BGLS signatures in a multi-user setting. In: Advances in Cryptology, vol. 2 – ArcticCrypt 2016, pp. 244–261 (2016)
33. Lynn, B.: On the implementation of pairing-based cryptosystems. Doctoral dissertation, Stanford University (2007)
34. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)
35. Morita, H., Schuldt, J.C.N., Matsuda, T., Hanaoka, G., Iwata, T.: On the security of the Schnorr signature scheme and DSA against related-key attacks. In: Kwon, S., Yun, A. (eds.) ICISC 2015. LNCS, vol. 9558, pp. 20–35. Springer, Cham (2016)
36. Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: Recommendation for key management – part 1: general (revised). NIST Special Publication 800-57 (2006)
37. Ng, T.-S., Tan, S.-Y., Chin, J.-J.: A variant of BLS signature scheme with tight security reduction. In: Hu, J., Khalil, I., Tari, Z., Wen, S. (eds.) MONAMI 2017. LNICST, vol. 235, pp. 150–163. Springer, Cham (2018)
38. Ogata, W., Kurosawa, K., Heng, S.-H.: The security of the FDH variant of Chaum's undeniable signature scheme. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 328–345. Springer, Heidelberg (2005)
39. Pereira, G.C.C.F., Simplício Jr., M.A., Naehrig, M., Barreto, P.S.L.M.: A family of implementation-friendly BN elliptic curves. J. Syst. Softw. 84(8), 1319–1326 (2011)
40. Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
41. Vercauteren, F.: Final report on main computational assumptions in cryptography. European Network of Excellence in Cryptography II (ECRYPT II) (2013)

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Multimedia University, Melaka, Malaysia
  2. Newcastle University, Newcastle upon Tyne, UK
  3. Multimedia University, Cyberjaya, Malaysia
