Paper 2014/915

Cryptanalysis of the Structure-Preserving Signature Scheme on Equivalence Classes from Asiacrypt 2014

Yanbin Pan

Abstract

At Asiacrypt 2014, Hanser and Slamanig presented a new cryptographic primitive called structure-preserving signature scheme on equivalence classes in the message space $(\G_1^*)^\ell $, where $\G_1$ is some additive cyclic group. Based on the signature scheme, they constructed an efficient multi-show attribute-based anonymous credential system that allows to encode an arbitrary number of attributes. The signature scheme was claimed to be existentially unforgeable under the adaptive chosen message attacks in the generic group model. However, for $\ell=2$, Fuchsbauer pointed out a valid existential forgery can be generated with overwhelming probability by using 4 adaptive chosen-message queries. Hence, the scheme is existentially forgeable under the adaptive chosen message attack at least when $\ell=2$. In this paper, we show that even for the general case $\ell\geq 2$, the scheme is \textit{existentially forgeable} under the \textit{non-adaptive} chosen message attack and \textit{universally forgeable} under the \textit{adaptive} chosen message attack. It is surprising that our attacks will succeed all the time and need fewer queries, which give a better description of the scheme's security.

Note: The final publication is available at http://link.springer.com/book/10.1007%2F978-3-319-29485-8