Paper 2015/525

Short Randomizable Signatures

David Pointcheval and Olivier Sanders

Abstract

Digital signature is a fundamental primitive with numerous applications. Following the development of pairing-based cryptography, several taking advantage of this setting have been proposed. Among them, the Camenisch-Lysyanskaya (CL) signature scheme is one of the most flexible and has been used as a building block for many other protocols. Unfortunately, this scheme suffers from a linear size in the number of messages to be signed which limits its use in many situations. In this paper, we propose a new signature scheme with the same features as CL-signatures but without the linear-size drawback: our signature consists of only two elements, whatever the message length, and our algorithms are more efficient. This construction takes advantage of using type 3 pairings, that are already widely used for security and efficiency reasons. We prove the security of our scheme without random oracles but in the generic group model. Finally, we show that protocols using CL-signatures can easily be instantiated with ours, leading to much more efficient constructions.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Major revision. CT-RSA 2016
Keywords
Digital SignatureRandomizableBilinear Groups
Contact author(s)
oliviersanders @ live fr
History
2016-10-08: last of 2 revisions
2015-06-02: received
See all versions
Short URL
https://ia.cr/2015/525
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/525,
      author = {David Pointcheval and Olivier Sanders},
      title = {Short Randomizable Signatures},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/525},
      year = {2015},
      url = {https://eprint.iacr.org/2015/525}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.