In this paper, we invalidate their evidence by presenting a security proof of the prime-order version of their blind signature scheme. Our security proof follows a different strategy and exploits only the projecting property. Instead of the cancelling property, a new property, that we call {\em translating}, on prime-order bilinear groups plays an important role in the security proof, whose existence was not known in composite-order bilinear groups. With this proof, we obtain a $2$-move (i.e., round optimal) (partially) blind signature scheme (without random oracle) based on the decisional linear assumption in the common reference string model, which is of independent interest.
As the second contribution of this paper, we construct prime-order bilinear groups that possess both the cancelling and projecting properties at the same time by considering more general base groups. That is, we take a rank $n$ $\zp$-submodule of $\zp^{n^2}$, instead of $\zp^n$, to be a base group $G$, and consider the projections into its rank 1 submodules. We show that the subgroup decision assumption on this base group $G$ holds in the generic bilinear group model for $n=2$, and provide an efficient membership-checking algorithm to $G$, which was trivial in the previous setting. Consequently, it is still open whether there exists a cryptosystem on composite-order bilinear groups that cannot be constructed on prime-order bilinear groups.
Category / Keywords: public-key cryptography / Transformation, Composite-order Bilinear Groups, Prime-order Bilinear Groups, Round Optimal Blind Signatures Publication Info: An extended abstract of this paper was presented at TCC 2012. This is the full version. Date: received 11 Apr 2012, last revised 24 Jun 2012 Contact author: jhsbhs at gmail com Available format(s): PDF | BibTeX Citation Version: 20120625:054154 (All versions of this report) Short URL: ia.cr/2012/198 Discussion forum: Show discussion | Start new discussion