Efficient Signatures on Randomizable Ciphertexts

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12238)

Abstract

Randomizable encryption lets anyone randomize a ciphertext so it is distributed like a fresh encryption of the same plaintext. Signatures on randomizable ciphertexts (SoRC), introduced by Blazy et al. (PKC’11), let one adapt a signature on a ciphertext to a randomization of the latter. Since signatures can only be adapted to ciphertexts that encrypt the same message as the signed ciphertext, signatures obliviously authenticate plaintexts. SoRC have been used as a building block in e-voting, blind signatures and (delegatable) anonymous credentials.

We observe that SoRC can be seen as signatures on equivalence classes (JoC’19), another primitive with many applications to anonymous authentication, and that SoRC provide better anonymity guarantees. We first strengthen the unforgeability notion for SoRC and then give a scheme that provably achieves it in the generic group model. Signatures in our scheme consist of 4 bilinear-group elements, which is considerably more efficient than prior schemes.
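The randomizable-encryption property the abstract relies on can be seen concretely in ElGamal (cited below as [ElG85]). The following Python is an added illustration, not code from the paper (whose scheme works in bilinear groups): it shows that anyone holding only the public key can turn a ciphertext into an encryption of the same plaintext under fresh randomness, and that the result is literally a fresh encryption with randomness r + r2, which is why a signature adapted along with it can only ever authenticate the original plaintext. The parameters p, q, g and the sample plaintext are constructed toy values.

```python
import secrets

# Toy ElGamal parameters (constructed; far too small for real use): a safe prime
# p = 2q + 1 and a generator g of the order-q subgroup of quadratic residues.
P = 2039
Q = 1019
G = pow(2, 2, P)   # 4 generates the subgroup of order Q

def in_subgroup(y):
    """Membership check: every ciphertext component must lie in the prime-order
    subgroup, otherwise the randomization and decryption guarantees do not hold."""
    return 0 < y < P and pow(y, Q, P) == 1

def keygen(rng=secrets):
    x = rng.randbelow(Q - 1) + 1        # secret key in [1, q-1]
    return x, pow(G, x, P)              # (sk, pk = g^x)

def encrypt(pk, m, r=None):
    """ElGamal encryption of a subgroup element m with randomness r."""
    assert in_subgroup(m), "plaintext must be encoded as a subgroup element"
    if r is None:
        r = secrets.randbelow(Q)
    return pow(G, r, P), (m * pow(pk, r, P)) % P

def randomize(pk, ct, r2=None):
    """Re-randomize (c1, c2) using only the public key: multiplying in an
    encryption of 1 with fresh randomness r2 yields exactly Enc(m; r + r2)."""
    c1, c2 = ct
    assert in_subgroup(c1) and in_subgroup(c2), "malformed ciphertext"
    if r2 is None:
        r2 = secrets.randbelow(Q)
    return (c1 * pow(G, r2, P)) % P, (c2 * pow(pk, r2, P)) % P

def decrypt(sk, ct):
    c1, c2 = ct
    shared = pow(c1, sk, P)
    return (c2 * pow(shared, P - 2, P)) % P   # c2 * c1^{-x}

def demo():
    """Returns True when randomization keeps the plaintext, changes the
    ciphertext, and coincides with a fresh encryption under r + r2."""
    sk, pk = keygen()
    m = pow(G, 7, P)                    # constructed plaintext (a subgroup element)
    ct = encrypt(pk, m, r=123)
    ct2 = randomize(pk, ct, r2=456)
    return (decrypt(sk, ct2) == m and ct2 != ct
            and ct2 == encrypt(pk, m, r=(123 + 456) % Q))
```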

Notes

Acknowledgement

This work is funded in part by the MSR–Inria Joint Centre. Fuchsbauer is supported by the Vienna Science and Technology Fund (WWTF) through project VRG18-002.

References

  1. [AFG10] Abe, M., Fuchsbauer, G., Groth, J., Haralambiev, K., Ohkubo, M.: Structure-preserving signatures and commitments to group elements. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 209–236. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_12
  2. [AGHO11] Abe, M., Groth, J., Haralambiev, K., Ohkubo, M.: Optimal structure-preserving signatures in asymmetric bilinear groups. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 649–666. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_37
  3. [AGO11] Abe, M., Groth, J., Ohkubo, M.: Separating short structure-preserving signatures from non-interactive assumptions. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 628–646. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_34
  4. [AW98] Deschamps, C., Warusfel, A., Moulin, F.: Mathématiques 1ère année: Cours et exercices corrigés. Editions Dunod (1998)
  5. [BCC09] Belenkiy, M., Camenisch, J., Chase, M., Kohlweiss, M., Lysyanskaya, A., Shacham, H.: Randomizable proofs and delegatable anonymous credentials. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 108–125. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_7
  6. [BCKL08] Belenkiy, M., Chase, M., Kohlweiss, M., Lysyanskaya, A.: P-signatures and noninteractive anonymous credentials. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 356–374. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78524-8_20
  7. [BFPV11] Blazy, O., Fuchsbauer, G., Pointcheval, D., Vergnaud, D.: Signatures on randomizable ciphertexts. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 403–422. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19379-8_25
  8. [BFPV13] Blazy, O., Fuchsbauer, G., Pointcheval, D., Vergnaud, D.: Short blind signatures. J. Comput. Secur. 21(5), 627–661 (2013)
  9. [BHKS18] Backes, M., Hanzlik, L., Kluczniak, K., Schneider, J.: Signatures with flexible public key: introducing equivalence classes for public keys. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 405–434. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_14
  10. [BL13] Baldimtsi, F., Lysyanskaya, A.: Anonymous credentials light. In: Sadeghi, A.-R., Gligor, V.D., Yung, M. (eds.) ACM CCS 2013, pp. 1087–1098. ACM Press, November 2013
  11. [BMW03] Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614–629. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_38
  12. [Bra00] Brands, S.: Rethinking Public-Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)
  13. [BSZ05] Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: the case of dynamic groups. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 136–153. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30574-3_11
  14. [CCFG16] Chaidos, P., Cortier, V., Fuchsbauer, G., Galindo, D.: BeleniosRF: a non-interactive receipt-free electronic voting scheme. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS 2016, pp. 1614–1625. ACM Press, October 2016
  15. [CFL19] Cortier, V., Filipiak, A., Lallemand, J.: BeleniosVS: secrecy and verifiability against a corrupted voting device. In: 2019 IEEE 32nd Computer Security Foundations Symposium (CSF), pp. 367–36714. IEEE (2019)
  16. [CG05] Camenisch, J., Groth, J.: Group signatures: better efficiency and new theoretical aspects. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 120–133. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30598-9_9
  17. [CGG19] Cortier, V., Gaudry, P., Glondu, S.: Belenios: a simple private and verifiable electronic voting system. In: Guttman, J.D., Landwehr, C.E., Meseguer, J., Pavlovic, D. (eds.) Foundations of Security, Protocols, and Equational Reasoning. LNCS, vol. 11565, pp. 214–238. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-19052-1_14
  18. [CL03] Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36413-7_20
  19. [CL04] Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_4
  20. [CL19] Crites, E.C., Lysyanskaya, A.: Delegatable anonymous credentials from mercurial signatures. In: Matsui, M. (ed.) CT-RSA 2019. LNCS, vol. 11405, pp. 535–555. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12612-4_27
  21. [DHO16] Damgård, I., Haagh, H., Orlandi, C.: Access control encryption: enforcing information flow with cryptography. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 547–576. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53644-5_21
  22. [DHS15] Derler, D., Hanser, C., Slamanig, D.: A new approach to efficient revocable attribute-based anonymous credentials. In: Groth, J. (ed.) IMACC 2015. LNCS, vol. 9496, pp. 57–74. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-27239-9_4
  23. [DS18] Derler, D., Slamanig, D.: Highly-efficient fully-anonymous dynamic group signatures. In: Kim, J., Ahn, G.-J., Kim, S., Kim, Y., López, J., Kim, T. (eds.) ASIACCS 18, pp. 551–565. ACM Press, April 2018
  24. [ElG85] ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theor. 31(4), 469–472 (1985)
  25. [FG18] Fuchsbauer, G., Gay, R.: Weakly secure equivalence-class signatures from standard assumptions. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10770, pp. 153–183. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76581-5_6
  26. [FGKO17] Fuchsbauer, G., Gay, R., Kowalczyk, L., Orlandi, C.: Access control encryption for equality, comparison, and more. In: Fehr, S. (ed.) PKC 2017. LNCS, vol. 10175, pp. 88–118. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54388-7_4
  27. [FHKS16] Fuchsbauer, G., Hanser, C., Kamath, C., Slamanig, D.: Practical round-optimal blind signatures in the standard model from weaker assumptions. In: Zikas, V., De Prisco, R. (eds.) SCN 2016. LNCS, vol. 9841, pp. 391–408. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44618-9_21
  28. [FHS15] Fuchsbauer, G., Hanser, C., Slamanig, D.: Practical round-optimal blind signatures in the standard model. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 233–253. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_12
  29. [FHS19] Fuchsbauer, G., Hanser, C., Slamanig, D.: Structure-preserving signatures on equivalence classes and constant-size anonymous credentials. J. Cryptology 32(2), 498–546 (2019)
  30. [Fuc11] Fuchsbauer, G.: Commuting signatures and verifiable encryption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 224–245. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_14
  31. [GS08] Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_24
  32. [HPP20] Hébant, C., Phan, D.H., Pointcheval, D.: Linearly-homomorphic signatures and scalable mix-nets. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020. LNCS, vol. 12111, pp. 597–627. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45388-6_21
  33. [HS14] Hanser, C., Slamanig, D.: Structure-preserving signatures on equivalence classes and their application to anonymous credentials. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 491–511. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_26
  34. [KSD19] Hanser, C., Slamanig, D.: Structure-preserving signatures on equivalence classes and their application to anonymous credentials. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 491–511. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_26
  35. [Sch80] Schwartz, J.T.: Fast probabilistic algorithms for verification of polynomial identities. J. ACM (JACM) 27(4), 701–717 (1980)
  36. [Sho97] Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_18
  37. [Wat05] Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_7

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Inria, Paris, France
  2. ENS, CNRS, PSL University, Paris, France
  3. TU Wien, Vienna, Austria
