Efficient Fully Structure-Preserving Signatures for Large Messages
We construct both randomizable and strongly existentially unforgeable structure-preserving signatures for messages consisting of many group elements. To sign a message consisting of \(N=mn\) group elements we have a verification key size of \(m\) group elements and signatures contain \(n+2\) elements. Verification of a signature requires evaluating \(n+1\) pairing product equations.
We also investigate the case of fully structure-preserving signatures, where it is required that the secret signing key consists of group elements only. We show that a variant of our signature scheme that allows the signer to pick part of the verification key at the time of signing is still secure. This gives us both randomizable and strongly existentially unforgeable fully structure-preserving signatures. In the fully structure-preserving scheme, the verification key is a single group element, signatures contain \(m+n+1\) group elements, and verification requires evaluating \(n+1\) pairing product equations.
Keywords: Digital signatures, Pairing-based cryptography, Full structure-preservation
We thank Masayuki Abe, Markulf Kohlweiss, Miyako Ohkubo and Mehdi Tibouchi for their comments and sharing an early version of [AKOT15] with us.
- [AKOT15] Abe, M., Kohlweiss, M., Ohkubo, M., Tibouchi, M.: Fully structure-preserving signatures and shrinking commitments. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 35–65. Springer, Heidelberg (2015)
- [BBG05] Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. Cryptology ePrint Archive, Report 2005/015 (2005)
- [CM15] Chatterjee, S., Menezes, A.: Type 2 structure-preserving signature schemes revisited. In: ASIACRYPT (2015)