Cryptology ePrint Archive: Report 2014/915

Cryptanalysis of the Structure-Preserving Signature Scheme on Equivalence Classes from Asiacrypt 2014

Yanbin Pan

Abstract: At Asiacrypt 2014, Hanser and Slamanig presented a new cryptographic primitive called structure-preserving signature scheme on equivalence classes in the message space $(\G_1^*)^\ell $, where $\G_1$ is some additive cyclic group. Based on the signature scheme, they constructed an efficient multi-show attribute-based anonymous credential system that allows to encode an arbitrary number of attributes. The signature scheme was claimed to be existentially unforgeable under the adaptive chosen message attacks in the generic group model. However, for $\ell=2$, Fuchsbauer pointed out a valid existential forgery can be generated with overwhelming probability by using 4 adaptive chosen-message queries. Hence, the scheme is existentially forgeable under the adaptive chosen message attack at least when $\ell=2$. In this paper, we show that even for the general case $\ell\geq 2$, the scheme is \textit{existentially forgeable} under the \textit{non-adaptive} chosen message attack and \textit{universally forgeable} under the \textit{adaptive} chosen message attack. It is surprising that our attacks will succeed all the time and need fewer queries, which give a better description of the scheme's security.

Category / Keywords: Structure-preserving signature, equivalence classes, EUF-CMA, UF-CMA.

Original Publication (with major differences): CT-RSA 2016

Date: received 6 Nov 2014, last revised 22 Apr 2016

Contact author: panyanbin at amss ac cn

Available format(s): PDF | BibTeX Citation

Note: The final publication is available at

Version: 20160423:040438 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]