Short Signatures Without Random Oracles

  • Dan Boneh
  • Xavier Boyen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3027)

Abstract

We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption we call the Strong Diffie-Hellman assumption. This assumption has similar properties to the Strong RSA assumption, hence the name. Strong RSA was previously used to construct signature schemes without random oracles. However, signatures generated by our scheme are much shorter and simpler than signatures from schemes based on Strong RSA. Furthermore, our scheme provides a limited form of message recovery.

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Dan Boneh (1)
  • Xavier Boyen (2)
  1. Computer Science Department, Stanford University, Stanford, USA
  2. Voltage Security, Palo Alto
