Abstract
The Boneh-Boyen digital signature scheme is a pairing-based signature scheme that features short signatures consisting of one group element, the minimum possible size. In contrast to earlier short signature schemes such as Boneh-Lynn-Shacham, the Boneh-Boyen scheme achieves security without the use of random oracles, but at the cost of a non-standard mathematical assumption, the q-Strong Diffie-Hellman (or q-SDH) assumption, which is known to be less secure than discrete logarithms against generic attacks. However, unlike discrete logarithms, for which the fastest known generic attacks match the known provable lower bounds for solving generic discrete logarithms, the fastest known generic attacks against Boneh-Boyen prior to this work did not match the provable lower bounds for generically solving q-SDH instances. In this work, we demonstrate that when \(p-1\) has suitably sized divisors (where \(p\) is the order of the underlying group used in the scheme), which in particular almost always occurs for cryptographic pairings instantiated from elliptic curves, Boneh-Boyen can indeed be broken in the sense of weak existential forgery under chosen-message attack (the same security definition used in the original Boneh-Boyen paper) in \(O(p^{\frac{1}{3}+\varepsilon })\) time using generic algorithms, matching the provable lower bound for generically solving q-SDH instances.
Notes
1. These algorithms are usually attributed to Cheon, even though Brown and Gallant were first, because Cheon was the first to apply these algorithms specifically to q-SDH.
2. In fact, simply using \(\alpha =1\) works well enough in practice. The only reason we use a random \(\alpha\) is to randomize the input distribution, as explained in the next paragraph.
References
Barbulescu, R., Gaudry, P., Kleinjung, T.: The tower number field sieve. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 31–55. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48800-3_2
Boneh, D., Boyen, X.: Efficient selective-ID secure identity-based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_14
Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_4
Boneh, D., Boyen, X.: Short signatures without random oracles and the SDH assumption in bilinear groups. J. Cryptol. 21(2), 149–177 (2008). https://doi.org/10.1007/s00145-007-9005-7
Boneh, D., Boyen, X.: Efficient selective identity-based encryption without random oracles. J. Cryptol. 24(4), 659–693 (2011). https://doi.org/10.1007/s00145-010-9078-6
Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13
Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. SIAM J. Comput. 32(3), 586–615 (2003). https://doi.org/10.1007/3-540-44647-8_13
Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_30
Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. J. Cryptol. 17(4), 297–319 (2004). https://doi.org/10.1007/s00145-004-0314-9
Brown, D.R., Gallant, P.G.: The static Diffie-Hellman problem. Cryptology ePrint Archive, Paper 2004/306
Cheon, J.H.: Security analysis of the strong Diffie-Hellman problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 1–11. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_1
Cheon, J.H., Kim, T., Song, Y.: The discrete logarithm problem with auxiliary inputs, pp. 71–92. De Gruyter (2014)
Cohen, H., et al.: Handbook of Elliptic and Hyperelliptic Curve Cryptography. CRC Press, Boca Raton (2005)
Ford, K.: The distribution of integers with a divisor in a given interval. Ann. Math. 168(2), 367–433 (2008)
Guillevic, A.: A short-list of pairing-friendly curves resistant to special TNFS at the 128-bit security level. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020. LNCS, vol. 12111, pp. 535–564. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45388-6_19
Jao, D., Yoshida, K.: Boneh-Boyen signatures and the strong Diffie-Hellman problem. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 1–16. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03298-1_1
Koblitz, N., Menezes, A.: Another look at generic groups. Adv. Math. Commun. 1(1), 13–28 (2007)
Koblitz, N., Menezes, A.: The brave new world of bodacious assumptions in cryptography. Not. Am. Math. Soc. 57(3), 357–365 (2010)
Kozaki, S., Kutsuma, T., Matsuo, K.: Remarks on Cheon’s algorithms for pairing-related problems. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing 2007. LNCS, vol. 4575, pp. 302–316. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73489-5_17
Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_22
Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161–174 (1991). https://doi.org/10.1007/BF00196725
Acknowledgments
This work is supported by research funding from NSERC, CryptoWorks21, Public Works and Government Services Canada, Canada First Research Excellence Fund, and the Royal Bank of Canada.
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Fu, YK., Chang, J., Jao, D. (2022). Optimal Generic Attack Against Basic Boneh-Boyen Signatures. In: Su, C., Gritzalis, D., Piuri, V. (eds) Information Security Practice and Experience. ISPEC 2022. Lecture Notes in Computer Science, vol 13620. Springer, Cham. https://doi.org/10.1007/978-3-031-21280-2_28
DOI: https://doi.org/10.1007/978-3-031-21280-2_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-21279-6
Online ISBN: 978-3-031-21280-2
eBook Packages: Computer Science, Computer Science (R0)