Cryptology ePrint Archive: Report 2015/525

Short Randomizable Signatures

David Pointcheval and Olivier Sanders

Abstract: Digital signature is a fundamental primitive with numerous applications. Following the development of pairing-based cryptography, several taking advantage of this setting have been proposed. Among them, the Camenisch-Lysyanskaya (CL) signature scheme is one of the most flexible and has been used as a building block for many other protocols. Unfortunately, this scheme suffers from a linear size in the number of messages to be signed which limits its use in many situations.

In this paper, we propose a new signature scheme with the same features as CL-signatures but without the linear-size drawback: our signature consists of only two elements, whatever the message length, and our algorithms are more efficient. This construction takes advantage of using type 3 pairings, that are already widely used for security and efficiency reasons.

We prove the security of our scheme without random oracles but in the generic group model. Finally, we show that protocols using CL-signatures can easily be instantiated with ours, leading to much more efficient constructions.

Category / Keywords: public-key cryptography / Digital Signature, Randomizable, Bilinear Groups

Original Publication (with major differences): CT-RSA 2016

Date: received 1 Jun 2015, last revised 8 Oct 2016

Contact author: oliviersanders at live fr

Available format(s): PDF | BibTeX Citation

Version: 20161008:102516 (All versions of this report)

Short URL: ia.cr/2015/525

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]