On the Impossibility of Three-Move Blind Signature Schemes

  • Marc Fischlin
  • Dominique Schröder
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6110)

Abstract

We investigate the possibility to prove security of the well-known blind signature schemes by Chaum, and by Pointcheval and Stern in the standard model, i.e., without random oracles. We subsume these schemes under a more general class of blind signature schemes and show that finding security proofs for these schemes via black-box reductions in the standard model is hard. Technically, our result deploys meta-reduction techniques showing that black-box reductions for such schemes could be turned into efficient solvers for hard non-interactive cryptographic problems like RSA or discrete-log. Our approach yields significantly stronger impossibility results than previous meta-reductions in other settings by playing off the two security requirements of the blind signatures (unforgeability and blindness).

Keywords

Blind signature scheme black-box reduction meta-reduction random oracle round complexity 

References

  1. 1.
    Abe, M.: A Secure Three-Move Blind Signature Scheme for Polynomially Many Signatures. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 136–151. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Abe, M., Ohkubo, M.: A Framework for Universally Composable Non-Committing Blind Signatures. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 435–450. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  3. 3.
    Barak, B.: How to Go Beyond the Black-Box Simulation Barrier. In: Proceedings of the Annual Symposium on Foundations of Computer Science (FOCS) 2001, pp. 106–115. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  4. 4.
    Bresson, E., Monnerat, J., Vergnaud, D.: Separation Results on the “One-More” Computational Problems. In: Malkin, T.G. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 71–87. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Namprempre, C., Pointcheval, D., Semanko, M.: The One-More-RSA-Inversion Problems and the Security of Chaum’s Blind Signature Scheme. Journal of Cryptology 16(3), 185–215 (2003)MATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Boldyreva, A.: Efficient Threshold Signatures, Multisignatures and Blind Signatures Based on the Gap-Diffie-Hellman-Group Signature Scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Brown, D.: What Hashes Make RSA-OAEP Secure? Number 2006/223 in Cryptology eprint archive (2006), eprint.iacr.org
  8. 8.
    D. Brown. Irreducibility to the One-More Evaluation Problems: More May Be Less. Number 2007/435 in Cryptology eprint archive (2007), eprint.iacr.org
  9. 9.
    Boneh, D., Venkatesan, R.: Breaking RSA May Be Easier Than Factoring. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 59–71. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  10. 10.
    Canetti, R., Goldreich, O., Goldwasser, S., Micali, S.: Resettable Zero-Knowledge. In: Proceedings of the Annual Symposium on the Theory of Computing (STOC) 2000, pp. 235–244. ACM Press, New York (2000)Google Scholar
  11. 11.
    Chaum, D.: Blind Signatures for Untraceable Payments. In: Advances in Cryptology — Crypto 1982, pp. 199–203. Plemum, New York (1983)Google Scholar
  12. 12.
    Camenisch, J., Koprowski, M., Warinschi, B.: Efficient Blind Signatures Without Random Oracles. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 134–148. Springer, Heidelberg (2004)Google Scholar
  13. 13.
    Camenisch, J., Neven, G., Shelat, A.: Simulatable Adaptive Oblivious Transfer. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 573–590. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  14. 14.
    Coron, J.-S.: Optimal Security Proofs for PSS and Other Signature Schemes. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 272–287. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Dwork, C., Naor, M., Sahai, A.: Concurrent zero-knowledge. J. ACM 51(6), 851–898 (2004)MATHMathSciNetGoogle Scholar
  16. 16.
    Fischlin, M.: Round-Optimal Composable Blind Signatures in the Common Reference String Model. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 60–77. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  17. 17.
    Fischlin, M., Schröder, D.: Security of Blind Signatures under Aborts. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 297–316. Springer, Heidelberg (2009)Google Scholar
  18. 18.
    Goldreich, O., Krawczyk, H.: On the composition of Zero-Knowledge Proof Systems. SIAM Journal on Computing 25(1), 169–192 (1996)MATHCrossRefMathSciNetGoogle Scholar
  19. 19.
    Horvitz, O., Katz, J.: Universally-Composable Two-Party Computation in Two Rounds. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 111–129. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  20. 20.
    Hazay, C., Katz, J., Koo, C.-Y., Lindell, Y.: Concurrently-Secure Blind Signatures Without Random Oracles or Setup Assumptions. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 323–341. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  21. 21.
    Impagliazzo, R., Rudich, S.: Limits on the Provable Consequences of One-Way Permutations. In: Proceedings of the Annual Symposium on the Theory of Computing, STOC 1989, pp. 44–61. ACM Press, New York (1989)Google Scholar
  22. 22.
    Juels, A., Luby, M., Ostrovsky, R.: Security of Blind Digital Signatures. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 150–164. Springer, Heidelberg (1997)Google Scholar
  23. 23.
    Kiayias, A., Zhou, H.-S.: Concurrent Blind Signatures Without Random Oracles. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 49–62. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  24. 24.
    Kiayias, A., Zhou, H.-S.: Equivocal Blind Signatures and Adaptive UC-Security. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 340–355. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  25. 25.
    Lindell, Y.: Bounded-Concurrent Secure Two-Party Computation Without Setup Assumptions. In: Proceedings of the Annual Symposium on the Theory of Computing, STOC 2003, pp. 683–692. ACM Press, New York (2003)Google Scholar
  26. 26.
    Okamoto, T.: Efficient Blind and Partially Blind Signatures Without Random Oracles. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 80–99. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  27. 27.
    Pointcheval, D., Stern, J.: Security Arguments for Digital Signatures and Blind Signatures. Journal of Cryptology 13(3), 361–396 (2000)MATHCrossRefGoogle Scholar
  28. 28.
    Paillier, P., Villar, J.L.: Trading One-Wayness Against Chosen-Ciphertext Security in Factoring-Based Encryption. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 252–266. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  29. 29.
    Rückert, M.: Lattice-based Blind Signatures. Cryptology ePrint Archive, Report 2008/322 (2008) http://eprint.iacr.org/
  30. 30.
    Reingold, O., Trevisan, L., Vadhan, S.P.: Notions of Reducibility between Cryptographic Primitives. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 1–20. Springer, Heidelberg (2004)Google Scholar
  31. 31.
    Simon, D.: Finding Collisions on a One-Way Street: Can Secure Hash Functions Be Based on General Assumptions? In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 334–345. Springer, Heidelberg (1998)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Marc Fischlin
    • 1
  • Dominique Schröder
    • 1
  1. 1.Darmstadt University of TechnologyGermany

Personalised recommendations