Depending on the application, it is sometimes desirable to have strong unforgeability and in other situations desirable to have randomizable signatures. To get the best of both worlds, we introduce the notion of selective randomizability where the signer may for specific signatures provide randomization tokens that enable randomization.
Our structure-preserving signature scheme unifies the different pairing-based settings since it can be instantiated in both symmetric and asymmetric groups. Since previously optimal structure-preserving signatures had only been constructed in asymmetric bilinear groups this closes an important gap in our knowledge. Having a unified signature scheme that works in all types of bilinear groups is not just conceptually nice but also gives a hedge against future cryptanalytic attacks. An instantiation of our signature scheme in an asymmetric bilinear group may remain secure even if cryptanalysts later discover an efficiently computable homomorphism between the source groups.Category / Keywords: public-key cryptography / Structure-preserving signatures, automorphic signatures, selective randomizability Original Publication (in the same form): IACR-TCC-2014 Date: received 9 Feb 2014 Contact author: mehdi tibouchi at normalesup org Available format(s): PDF | BibTeX Citation Version: 20140214:154243 (All versions of this report) Discussion forum: Show discussion | Start new discussion