2,827 research outputs found
Improved (Almost) Tightly-Secure Structure-Preserving Signatures
Structure Preserving Signatures (SPS) allow the signatures and the messages signed to be further encrypted while retaining the ability to be proven valid under zero-knowledge. In particular, SPS are tailored to have structure suitable for Groth-Sahai NIZK proofs. More precisely, the messages, signatures, and verification keys are required to be elements of groups that support efficient bilinear-pairings (bilinear groups), and the signature verification consists of just evaluating one or more bilinear-pairing product equations. Since Groth-Sahai NIZK proofs can (with zero-knowledge) prove the validity of such pairing product equations, it leads to interesting applications such as blind signatures, group signatures, traceable signatures, group encryption, and delegatable credential systems.
In this paper, we further improve on the SPS scheme of Abe, Hofheinz, Nishimaki, Ohkubo and Pan (CRYPTO 2017) while maintaining only an -factor security reduction loss to the SXDH assumption. In particular, we compress the size of the signatures by almost 40%, and reduce the number of pairing-product equations in the verifier from fifteen to seven. Recall that structure preserving signatures are used in applications by encrypting the messages and/or the signatures, and hence these optimizations are further amplified as proving pairing-product equations in Groth-Sahai NIZK system is not frugal. While our scheme uses an important novel technique introduced by Hofheinz (EuroCrypt 2017), i.e., structure-preserving adaptive partitioning, our approach to building the signature scheme is different and this leads to the optimizations mentioned. Thus we make progress towards an open problem stated by Abe et al (CRYPTO 2017) to design more compact SPS-es with smaller number of group elements
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols are recently proposed with a
wide variety of new novel applications including the ones in emerging
technologies like cloud computing, internet of things (IoT), e-health systems
and wearable technologies. There have been however a wide range of incorrect
use of these primitives. The paper of Galbraith, Paterson, and Smart (2006)
pointed out most of the issues related to the incorrect use of pairing-based
cryptography. However, we noticed that some recently proposed applications
still do not use these primitives correctly. This leads to unrealizable,
insecure or too inefficient designs of pairing-based protocols. We observed
that one reason is not being aware of the recent advancements on solving the
discrete logarithm problems in some groups. The main purpose of this article is
to give an understandable, informative, and the most up-to-date criteria for
the correct use of pairing-based cryptography. We thereby deliberately avoid
most of the technical details and rather give special emphasis on the
importance of the correct use of bilinear maps by realizing secure
cryptographic protocols. We list a collection of some recent papers having
wrong security assumptions or realizability/efficiency issues. Finally, we give
a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page
ID-based Ring Signature and Proxy Ring Signature Schemes from Bilinear Pairings
In 2001, Rivest et al. firstly introduced the concept of ring signatures. A
ring signature is a simplified group signature without any manager. It protects
the anonymity of a signer. The first scheme proposed by Rivest et al. was based
on RSA cryptosystem and certificate based public key setting. The first ring
signature scheme based on DLP was proposed by Abe, Ohkubo, and Suzuki. Their
scheme is also based on the general certificate-based public key setting too.
In 2002, Zhang and Kim proposed a new ID-based ring signature scheme using
pairings. Later Lin and Wu proposed a more efficient ID-based ring signature
scheme. Both these schemes have some inconsistency in computational aspect.
In this paper we propose a new ID-based ring signature scheme and a proxy
ring signature scheme. Both the schemes are more efficient than existing one.
These schemes also take care of the inconsistencies in above two schemes.Comment: Published with ePrint Archiv
Pairing-based identification schemes
We propose four different identification schemes that make use of bilinear
pairings, and prove their security under certain computational assumptions.
Each of the schemes is more efficient and/or more secure than any known
pairing-based identification scheme
- …