A CDH-Based Strongly Unforgeable Signature Without Collision Resistant Hash Function

  • Takahiro Matsuda
  • Nuttapong Attrapadung
  • Goichiro Hanaoka
  • Kanta Matsuura
  • Hideki Imai
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4784)


Unforgeability of digital signatures is closely related to the security of hash functions, since hashing messages, as in the hash-and-sign paradigm, is necessary in order to sign (arbitrarily) long messages. Recent successful collision-finding attacks against practical hash functions suggest that practical collision resistant hash functions are difficult to construct. Thus, it is worth considering relaxing the requirement of collision resistance for the hash functions that are used to hash messages in signature schemes. Currently, the most efficient strongly unforgeable signature scheme in the standard model that is based on the CDH assumption (in bilinear groups) is the Boneh-Shen-Waters (BSW) signature proposed in 2006. The security proof of their scheme, however, requires a collision resistant hash function. In this paper, we construct a signature scheme which has the same properties as the BSW scheme but does not rely on collision resistant hash functions. Instead, we use a target collision resistant hash function, which is a strictly weaker primitive than a collision resistant hash function. In terms of signature size and computational cost, our scheme is as efficient as the BSW scheme.


Keywords: digital signature, strong unforgeability, target collision resistant hash function, standard model





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Takahiro Matsuda (1)
  • Nuttapong Attrapadung (2)
  • Goichiro Hanaoka (2)
  • Kanta Matsuura (1)
  • Hideki Imai (2, 3)

  1. Institute of Industrial Science, The University of Tokyo, Tokyo, Japan
  2. Research Center for Information Security, National Institute of Advanced Industrial Science and Technology, Tokyo, Japan
  3. Faculty of Science and Engineering, Chuo University, Tokyo, Japan
