Public-Key Cryptography – PKC 2013 pp 312-331
Tagged One-Time Signatures: Tight Security and Optimal Tag Size
- Cite this paper as:
- Abe M., David B., Kohlweiss M., Nishimaki R., Ohkubo M. (2013) Tagged One-Time Signatures: Tight Security and Optimal Tag Size. In: Kurosawa K., Hanaoka G. (eds) Public-Key Cryptography – PKC 2013. Lecture Notes in Computer Science, vol 7778. Springer, Berlin, Heidelberg
We present an efficient structure-preserving tagged one-time signature scheme with tight security reductions to the decision-linear assumption. Our scheme features short tags consisting of a single group element and gives rise to the currently most efficient structure-preserving signature scheme based on the decision-liner assumption with constant-size signatures of only 14 group elements, where the record-so-far was 17 elements.
To demonstrate the advantages of our scheme, we revisit the work by Hofheinz and Jager (CRYPTO 2012) and present the currently most efficient tightly secure public-key encryption scheme. We also obtain the first structure-preserving public-key encryption scheme featuring both tight security and public verifiability.
KeywordsTagged One-Time Signatures Structure-Preserving Signatures Tight Security Reduction Decision Linear Assumption
Unable to display preview. Download preview PDF.