Realizing Hash-and-Sign Signatures under Standard Assumptions

  • Susan Hohenberger
  • Brent Waters
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5479)

Abstract

Currently, there are relatively few instances of “hash-and-sign” signatures in the standard model. Moreover, most current instances rely on strong and less studied assumptions such as the Strong RSA and q-Strong Diffie-Hellman assumptions. In this paper, we present a new approach for realizing hash-and-sign signatures in the standard model. In our approach, a signer associates each signature with an index i that represents how many signatures that signer has issued up to that point. Then, to make use of this association, we create simple and efficient techniques that restrict an adversary which makes q signature requests to forge on an index no greater than \(2^{\lceil \lg(q) \rceil} < 2q\). Finally, we develop methods for dealing with this restricted adversary. Our approach requires that a signer maintains a small amount of state — a counter of the number of signatures issued. We achieve two new realizations for hash-and-sign signatures respectively based on the RSA assumption and the Computational Diffie-Hellman assumption in bilinear groups.

Keywords

Hash Function; Signature Scheme; Random Oracle; Random Oracle Model; Bilinear Group

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Susan Hohenberger (1)
  • Brent Waters (2)
  1. Johns Hopkins University, USA
  2. University of Texas at Austin, USA
