
Type 2 Structure-Preserving Signature Schemes Revisited

  • Sanjit Chatterjee
  • Alfred Menezes
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9452)

Abstract

At CRYPTO 2014, Abe et al. presented generic-signer structure-preserving signature schemes using Type 2 pairings. According to the authors, the proposed constructions are optimal with only two group elements in each signature and just one verification equation. The schemes beat the known lower bounds in the Type 3 setting and thereby establish that the Type 2 setting permits construction of cryptographic schemes with unique properties not achievable in Type 3.

In this paper we undertake a concrete analysis of the Abe et al. claims. By properly accounting for the actual structure of the underlying groups and subgroup membership testing of group elements in signatures, we show that the schemes are not as efficient as claimed. We present natural Type 3 analogues of the Type 2 schemes, and show that the Type 3 schemes are superior to their Type 2 counterparts in every aspect. We also formally establish that in the concrete mathematical structure of asymmetric pairing, all Type 2 structure-preserving signature schemes can be converted to the Type 3 setting without any penalty in security or efficiency, and show that the converse is false. Furthermore, we prove that the Type 2 setting does not allow one to circumvent the known lower bound result for the Type 3 setting. Our analysis puts the optimality claims for Type 2 structure-preserving signature in a concrete perspective and indicates an incompleteness in the definition of a generic bilinear group in the Type 2 setting.

Keywords

Group Element; Signature Scheme; Signed Message; Cryptographic Protocol; Security Proof
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgements

We thank Jens Groth and Francisco Rodríguez-Henríquez for their comments on an earlier draft of the paper. We also thank the Asiacrypt reviewers for their helpful feedback.

References

  1. Abe, M., Fuchsbauer, G., Groth, J., Haralambiev, K., Ohkubo, M.: Structure-preserving signatures and commitments to group elements. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 209–236. Springer, Heidelberg (2010)
  2. Abe, M., Groth, J., Haralambiev, K., Ohkubo, M.: Optimal structure-preserving signatures in asymmetric bilinear groups. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 649–666. Springer, Heidelberg (2011)
  3. Abe, M., Groth, J., Ohkubo, M., Tibouchi, M.: Unified, minimal and selectively randomizable structure-preserving signatures. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 688–712. Springer, Heidelberg (2014)
  4. Abe, M., Groth, J., Ohkubo, M., Tibouchi, M.: Structure-preserving signatures from type II pairings. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 390–407. Springer, Heidelberg (2014)
  5. Abe, M., Groth, J., Ohkubo, M., Tibouchi, M.: Structure-preserving signatures from type II pairings, full version of [4] (2014). http://eprint.iacr.org/2014/312
  6. Barreto, P.S.L.M., Lynn, B., Scott, M.: Constructing elliptic curves with prescribed embedding degrees. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 257–267. Springer, Heidelberg (2003)
  7. Barreto, P., Lynn, B., Scott, M.: Efficient implementation of pairing-based cryptosystems. J. Cryptol. 17, 321–334 (2004)
  8. Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006)
  9. Barthe, G., Fagerholm, E., Fiore, D., Scedrov, A., Schmidt, B., Tibouchi, M.: Strongly-optimal structure preserving signatures from type II pairings: synthesis and lower bounds. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 355–376. Springer, Heidelberg (2015)
  10. Bellare, M., Garay, J.A., Rabin, T.: Fast batch verification for modular exponentiation and digital signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 236–250. Springer, Heidelberg (1998)
  11. Chase, M.: Efficient non-interactive zero-knowledge proofs for privacy applications. Ph.D. thesis, Brown University (2008)
  12. Chatterjee, S., Hankerson, D., Knapp, E., Menezes, A.: Comparing two pairing-based aggregate signature schemes. Des. Codes Cryptogr. 55, 141–167 (2010)
  13. Chatterjee, S., Menezes, A.: On cryptographic protocols employing asymmetric pairings - the role of \(\psi\) revisited. Discrete Appl. Math. 159, 1311–1322 (2011)
  14. Chen, L., Cheng, Z., Smart, N.: Identity-based key agreement protocols from pairings. Int. J. Inf. Secur. 6, 213–241 (2007)
  15. Ferrara, A.L., Green, M., Hohenberger, S., Pedersen, M.Ø.: Practical short signature batch verification. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 309–324. Springer, Heidelberg (2009)
  16. Galbraith, S., Paterson, K., Smart, N.: Pairings for cryptographers. Discrete Appl. Math. 156, 3113–3121 (2008)
  17. Ghadafi, E., Smart, N.P., Warinschi, B.: Groth–Sahai proofs revisited. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 177–192. Springer, Heidelberg (2010)
  18. Groth, J.: Simulation-sound NIZK proofs for a practical language and constant size group signatures. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 444–459. Springer, Heidelberg (2006)
  19. Groth, J., Sahai, A.: Efficient noninteractive proof systems for bilinear groups. SIAM J. Comput. 41, 1193–1232 (2012)
  20. Hanser, C., Slamanig, D.: Structure-preserving signatures on equivalence classes and their application to anonymous credentials. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 491–511. Springer, Heidelberg (2014)
  21. Hess, F., Smart, N., Vercauteren, F.: The eta pairing revisited. IEEE Trans. Inf. Theor. 52, 4595–4602 (2006)
  22. Kachisa, E.J., Schaefer, E.F., Scott, M.: Constructing Brezing-Weng pairing-friendly elliptic curves using elements in the cyclotomic field. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 126–135. Springer, Heidelberg (2008)
  23. Miyaji, A., Nakabayashi, M., Takano, S.: New explicit condition of elliptic curve trace for FR-reduction. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E84–A, 1234–1243 (2001)
  24. Vercauteren, F.: Optimal pairings. IEEE Trans. Inf. Theor. 56, 455–461 (2010)

Copyright information

© International Association for Cryptologic Research 2015

Authors and Affiliations

  1. Department of Computer Science and Automation, Indian Institute of Science, Bengaluru, India
  2. Department of Combinatorics & Optimization, University of Waterloo, Waterloo, Canada
