Paper 2014/635

Type 2 Structure-Preserving Signature Schemes Revisited

Sanjit Chatterjee and Alfred Menezes

Abstract

At CRYPTO 2014, Abe et al. presented generic-signer structure-preserving signature schemes using Type 2 pairings. According to the authors, the proposed constructions are optimal with only two group elements in each signature and just one verification equation. The schemes beat the known lower bounds in the Type 3 setting and thereby establish that the Type 2 setting permits construction of cryptographic schemes with unique properties not achievable in Type 3. In this paper we undertake a concrete analysis of the Abe et al. claims. By properly accounting for the actual structure of the underlying groups and subgroup membership testing of group elements in signatures, we show that the schemes are not as efficient as claimed. We present natural Type 3 analogues of the Type 2 schemes, and show that the Type 3 schemes are superior to their Type 2 counterparts in every aspect. We also formally establish that in the concrete mathematical structure of asymmetric pairing, all Type 2 structure-preserving signature schemes can be converted to the Type 3 setting without any penalty in security or efficiency, and show that the converse is false. Furthermore, we prove that the Type 2 setting does not allow one to circumvent the known lower bound result for the Type 3 setting. Our analysis puts the optimality claims for Type 2 structure-preserving signature in a concrete perspective and indicates an incompleteness in the definition of a generic bilinear group in the Type 2 setting.

Metadata
Available format(s)
PDF
Publication info
A minor revision of an IACR publication in ASIACRYPT 2015
Contact author(s)
sanjit @ csa iisc ernet in
History
2015-09-10: last of 4 revisions
2014-08-21: received
See all versions
Short URL
https://ia.cr/2014/635
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/635,
      author = {Sanjit Chatterjee and Alfred Menezes},
      title = {Type 2 Structure-Preserving Signature Schemes Revisited},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/635},
      year = {2014},
      url = {https://eprint.iacr.org/2014/635}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.