Optimal Generic Attack Against Basic Boneh-Boyen Signatures

  • Conference paper
Information Security Practice and Experience (ISPEC 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13620)

Abstract

The Boneh-Boyen digital signature scheme is a pairing-based signature scheme that features short signatures consisting of one group element, the minimum possible size. In contrast to earlier short signature schemes such as Boneh-Lynn-Shacham, the Boneh-Boyen scheme achieves security without the use of random oracles, but at the cost of a non-standard mathematical assumption, the \(q\)-Strong Diffie-Hellman (or \(q\)-SDH) assumption, which is known to be less secure than discrete logarithms against generic attacks. However, unlike discrete logarithms, for which the fastest known generic attacks match the known provable lower bounds for solving generic discrete logarithms, the fastest known generic attacks against Boneh-Boyen prior to this work did not match the provable lower bounds for generically solving \(q\)-SDH instances. In this work, we demonstrate that when \(p-1\) has suitably sized divisors (where \(p\) is the order of the underlying group used in the scheme), which in particular almost always occurs for cryptographic pairings instantiated from elliptic curves, Boneh-Boyen can indeed be broken in the sense of weak existential forgery under chosen-message attack (the same security definition as was used in the original Boneh-Boyen paper) in \(O(p^{\frac{1}{3}+\varepsilon })\) time using generic algorithms, matching the provable lower bound for generically solving \(q\)-SDH instances.

Notes

  1. These algorithms are usually attributed to Cheon, even though Brown and Gallant were first, because Cheon was the first to apply these algorithms specifically to \(q\)-SDH.

  2. In fact, simply using \(\alpha =1\) works well enough in practice. The only reason we use a random \(\alpha \) is to randomize the input distribution, as explained in the next paragraph.

Acknowledgments

This work is supported by research funding from NSERC, CryptoWorks21, Public Works and Government Services Canada, Canada First Research Excellence Fund, and the Royal Bank of Canada.


Corresponding author

Correspondence to David Jao.

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper

Fu, YK., Chang, J., Jao, D. (2022). Optimal Generic Attack Against Basic Boneh-Boyen Signatures. In: Su, C., Gritzalis, D., Piuri, V. (eds) Information Security Practice and Experience. ISPEC 2022. Lecture Notes in Computer Science, vol 13620. Springer, Cham. https://doi.org/10.1007/978-3-031-21280-2_28

  • DOI: https://doi.org/10.1007/978-3-031-21280-2_28

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-21279-6

  • Online ISBN: 978-3-031-21280-2

  • eBook Packages: Computer Science, Computer Science (R0)
