Signature Schemes with Randomized Verification
A signature scheme consists of a setup, signing and verification algorithms. In most existing works, the verification algorithm is assumed to be deterministic. However, there could be signature schemes where the verification algorithm is randomized. In this work, we study signature schemes with randomized verification. Our results can be summarized as follows.
First, we present a security definition for signature schemes with randomized verification. The standard EUFCMA notion of security for signature schemes with deterministic verification is very restrictive when we consider randomized verification. Therefore, we propose a new security definition called \(\chi \)-EUFCMA which captures a broad class of signature schemes with randomized verification.
Next, we analyse the security of Naor’s transformation from Identity Based Encryption to signature schemes. Such a transformation results in a scheme with randomized verification. We show that this transformation can be proven \(\chi \)-EUFCMA secure by choosing \(\chi \) appropriately.
Finally, we show how a scheme with randomized verification can be generically transformed to one with deterministic verification.
- 12.Yao, A.C.: Theory and application of trapdoor functions. In: Proceedings of the 23rd Annual Symposium on Foundations of Computer Science, SFCS 1982, pp. 80–91 (1982). http://dx.doi.org/10.1109/SFCS.1982.95