A Schnorr-Like Lightweight Identity-Based Signature Scheme

  • David Galindo
  • Flavio D. Garcia
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5580)


The use of concatenated Schnorr signatures [Sch91] for the hierarchical delegation of public keys is a well-known technique. In this paper we carry out a thorough analysis of the identity-based signature scheme that this technique yields. The resulting scheme is of interest since it is intuitive, simple and does not require pairings. We prove that the scheme is secure against existential forgery on adaptive chosen message and adaptive identity attacks using a variant of the Forking Lemma [PS00]. The security is proven in the Random Oracle Model under the discrete logarithm assumption. Next, we provide an estimation of its performance, including a comparison with the state of the art on identity-based signatures. We draw the conclusion that the Schnorr-like identity-based signature scheme is arguably the most efficient such scheme known to date.


identity-based signature lightweight cryptography provable security Schnorr random oracle model 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [AO99]
    Abe, M., Okamoto, T.: Delegation chains secure up to constant length. In: Varadharajan, V., Mu, Y. (eds.) ICICS 1999. LNCS, vol. 1726, pp. 144–156. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  2. [Bet88]
    Beth, T.: Efficient zero-knowledge identification scheme for smart cards. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 77–84. Springer, Heidelberg (1988)CrossRefGoogle Scholar
  3. [BF03]
    Boneh, D., Franklin, M.K.: Identity-Based encryption from the Weil pairing. SIAM Journal of Computing 32(3), 586–615 (2003); This is the full version of an extended abstract of the same title presented in: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–615. Springer, Heidelberg (2001) MathSciNetCrossRefzbMATHGoogle Scholar
  4. [BFPW07]
    Boldyreva, A., Fischlin, M., Palacio, A., Warinschi, B.: A closer look at PKI: Security and efficiency. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 458–475. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  5. [BKLS02]
    Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. [BLMQ05]
    Barreto, P.S.L.M., Libert, B., McCullagh, N., Quisquater, J.-J.: Efficient and provably-secure identity-based signatures and signcryption from bilinear maps. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 515–532. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. [BN06]
    Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: Proceedings of the 13th ACM conference on Computer and communications security (CCS 2006), pp. 390–399. ACM, New York (2006)Google Scholar
  8. [BNN04]
    Bellare, M., Namprempre, C., Neven, G.: Security proofs for identity-based identification and signature schemes. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 268–286. Springer, Heidelberg (2004); The full version appears in Cryptology ePrint Archive: Report 2004/252CrossRefGoogle Scholar
  9. [BPW03]
    Boldyreva, A., Palacio, A., Warinschi, B.: Secure proxy signature schemes for delegation of signing rights. Cryptology ePrint Archive, Report 2003/096 (2003),
  10. [Bru06]
    Brumley, B.B.: Efficient three-term simultaneous elliptic scalar multiplication with applications. In: Fåk, V. (ed.) Proceedings of the 11th Nordic Workshop on Secure IT Systems—NordSec 2006, Linköping, Sweden, October 2006, pp. 105–116 (2006)Google Scholar
  11. [BSNS05]
    Baek, J., Safavi-Naini, R., Susilo, W.: Certificateless public key encryption without pairing. In: Zhou, J., López, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 134–148. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. [BSS05]
    Blake, I.F., Seroussi, G., Smart, N.: Advances in Elliptic Curve Cryptography. London Mathematical Society Lecture Note Series, vol. 317. Cambridge University Press, Cambridge (2005)CrossRefzbMATHGoogle Scholar
  13. [CC02]
    Cha, J.C., Cheon, J.H.: An identity-based signature from gap Diffie-Hellman groups. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 18–30. Springer, Heidelberg (2002)Google Scholar
  14. [CJT04]
    Castelluccia, C., Jarecki, S., Tsudik, G.: Secret handshakes from CA-oblivious encryption. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 293–307. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  15. [Dig08]
    DigiNotar. Diginotar internet trust services (2008),
  16. [DSD07]
    Devegili, A.J., Scott, M., Dahab, R.: Implementing cryptographic pairings over barreto-naehrig curves. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing 2007. LNCS, vol. 4575, pp. 197–207. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  17. [ECR]
    ECRYPT. Ecrypt yearly report on algorithms and key lengths (2006), revision 1.1 (January 29, 2007)
  18. [EG08]
    Espinosa-Garcia, J.: The new Spanish electronic identity card: DNI-e. In: Conference on Cryptology and Digital Content Security (2008),
  19. [FS87]
    Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
  20. [Gir91]
    Girault, M.: Self-certified public keys. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 490–497. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  21. [GPS06]
    Granger, R., Page, D., Smart, N.P.: High security pairing-based cryptography revisited. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 480–494. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  22. [GQ90]
    Guillou, L.C., Quisquater, J.-J.: A “paradoxical” indentity-based signature scheme resulting from zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 216–231. Springer, Heidelberg (1990)CrossRefGoogle Scholar
  23. [GS06]
    Granger, R., Smart, N.: On computing products of pairings. Cryptology ePrint Archive, Report 2006/172 (2006),
  24. [GST07]
    Großschädl, J., Szekely, A., Tillich, S.: The energy cost of cryptographic key establishment in wireless sensor networks. In: ASIACCS 2007, pp. 380–382. ACM, New York (2007)Google Scholar
  25. [Her06]
    Herranz, J.: Deterministic identity-based signatures for partial aggregation. Comput. J. 49(3), 322–330 (2006)CrossRefGoogle Scholar
  26. [Hes03]
    Hess, F.: Efficient identity based signature schemes based on pairings. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 310–324. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  27. [oIA08]
    Spanish Ministry of Internal Affairs. Electronic identity card (2008) (in Spanish),
  28. [Oka93]
    Okamoto, T.: Provably secure and practical identification schemes and corresponding signature schemes. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 31–53. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  29. [PH97]
    Petersen, H., Horster, P.: Self-certified keys – concepts and applications. In: Communications and Multimedia Security 1997, pp. 102–116 (1997)Google Scholar
  30. [PS00]
    Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. Journal of Cryptology 13(3), 361–396 (2000)CrossRefzbMATHGoogle Scholar
  31. [SB06]
    Scott, M., Barreto, P.S.L.M.: Generating more mnt elliptic curves. Des. Codes Cryptography 38(2), 209–217 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  32. [Sch91]
    Schnorr, C.-P.: Efficient signature generation by smart cards. Journal of Cryptology 4(3), 161–174 (1991)CrossRefzbMATHGoogle Scholar
  33. [Sha85]
    Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  34. [SOK00]
    Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairing. In: The 2000 Symposium on Cryptography and Information Security, Oiso, Japan (2000)Google Scholar
  35. [Str64]
    Strauss: Addition chains of vectors. American Mathematical Monthly 71(7), 806–808 (1964)MathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • David Galindo
    • 1
  • Flavio D. Garcia
    • 2
  1. 1.University of LuxembourgLuxembourg
  2. 2.Institute for Computing and Information SciencesRadboud University NijmegenThe Netherlands

Personalised recommendations