A Provably Secure Short Transitive Signature Scheme from Bilinear Group Pairs

  • Siamak Fayyaz Shahandashti
  • Mahmoud Salmasizadeh
  • Javad Mohajeri
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3352)


We present a realization of the transitive signature scheme based on the algebraic properties of bilinear group pairs. The scheme is proven secure, i.e. transitively unforgeable under adaptive chosen message attack, assuming hardness of the computational co-Diffie-Hellman problem in bilinear group pairs and the security of the underlying standard signature scheme under known message attack. Our scheme mostly conforms to previously designed schemes of Micali-Rivest and Bellare-Neven in structure; yet there are two contributions: firstly, we take advantage of bilinear group pairs which were previously used by Boneh, Lynn, and Shacham to build short signature schemes. Secondly, we show that a slight modification in previous definitions of the transitive signature relaxes the security requirement for the underlying standard signature from being secure under chosen message attack to being secure under known message attack; thus shorter and more efficient signatures can be chosen for the underlying standard signature. These two facts eventually yield to short transitive signatures with respect to both node and edge signature size.


Signature Scheme Security Parameter Standard Signature Valid Signature Message Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Barreto, P.: The Pairing-Based Crypto Lounge, Web Page,
  2. 2.
    Bellare, M., Neven, G.: Transitive Signatures Based on Factoring and RSA. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 397–414. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Neven, G.: Transitive Signatures: New Schemes and Proofs. Cryptology ePrint Archive: Report 2004/215 (Full version of [2]),,
  4. 4.
    Bellare, M., Rogaway, P.: Random Oracles Are Practical: A Paradigm for Designing Efficient Protocols. In: The First Annual Conference on Computer and Communications Security, ACM, New York (1993), Google Scholar
  5. 5.
    Bellare, M., Rogaway, P.: The Exact Security of Digital Signatures – How to Sign with RSA and Rabin. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996), Full Paper: Google Scholar
  6. 6.
    Boneh, D., Franklin, M.: Identity Based Encryption from the Weil Pairing. SIAM Journal of Computing 32(3), 586–615 (2001); Extended Abstract in Crypto 2001. Full Paper: MathSciNetCrossRefGoogle Scholar
  7. 7.
    Boneh, D., Lynn, B., Shacham, H.: Short Signatures from the Weil Pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, p. 514. Springer, Heidelberg (2001), Revised Full Paper: CrossRefGoogle Scholar
  8. 8.
    Boneh, D., Mironov, I., Shoup, V.: A Secure Signature Scheme from Bilinear Maps. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 98–110. Springer, Heidelberg (2003), Full Paper: CrossRefGoogle Scholar
  9. 9.
    Coron, J.S.: On the Exact Security of Full Domain Hash. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, p. 229. Springer, Heidelberg (2000), CrossRefGoogle Scholar
  10. 10.
    Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal of Computing 17(2), 281–308 (1988), zbMATHMathSciNetCrossRefGoogle Scholar
  11. 11.
    Hevia, A., Micciancio, D.: The Provable Security of Graph-Based One-Time Signatures and Extensions to Algebraic Signature Schemes. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 379–396. Springer, Heidelberg (2002), CrossRefGoogle Scholar
  12. 12.
    Johnson, R., Molnar, D., Song, D., Wagner, D.: Homomorphic Signature Schemes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, p. 244. Springer, Heidelberg (2002), CrossRefGoogle Scholar
  13. 13.
    Joux, A., Nguyen, K.: Separating Decision Diffie-Hellman from Computational Diffie-Hellman in Cryptographic Groups. Journal of Cryptology 16(4), 239–247 (2003); A previous version also available online: Separating Decision Diffie-Hellman from Diffie-Hellman in Cryptographic Protocols. Cryptology ePrint Archive. Report 2001/003, zbMATHMathSciNetCrossRefGoogle Scholar
  14. 14.
    Lipmaa, H.: Pairing-based Cryptography, Web Page on Cryptology Pointers,
  15. 15.
    Micali, S., Rivest, R.: Transitive Signature Schemes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, p. 236. Springer, Heidelberg (2002), CrossRefGoogle Scholar
  16. 16.
    Molnar, D.: Homomorphic Signature Schemes. BA Thesis, Computer Science Dept. Harvard College. Cambridge. Massachusetts. Michael Rabin adv (2003),
  17. 17.
    Neven, G.: Provably secure identity-based identification schemes and transitive signatures. Ph.D. thesis. Katholieke Universiteit Leuven, Belgium (May 2004),
  18. 18.
    Rivest, R.: Two New Signature Schemes. Slides from Talk Given at Cambridge University (2000),
  19. 19.
    Sujing, Z.: Transitive Signatures Based on Non-adaptive Standard Signatures. Cryptography ePrint Archive. Report 2004/044,

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Siamak Fayyaz Shahandashti
    • 1
  • Mahmoud Salmasizadeh
    • 2
  • Javad Mohajeri
    • 2
  1. 1.School of Electrical EngineeringSharif University of TechnologyTehranIran
  2. 2.Electronic Research CenterSharif University of TechnologyTehranIran

Personalised recommendations