## Cryptology ePrint Archive: Report 2016/549

Xiong Fan and Juan Garay and Payman Mohassel

Abstract: Motivated by the problem of one-time password generation with security against server breaches, we introduce the notion of *adjustable signature schemes* that allow the length of a signature to be adjusted at the setup, signing or verification stages, depending on the application. Defining security for such schemes poses several challenges, such as: (i) different signature lengths should provide different levels of security, and (ii) the effort required for forging a very short signature (e.g., 6 bytes) should not be reusable for forging additional signatures. We provide security definitions that concretely capture the trade-off between signature length, number of forgeries and level of security provided by the scheme.

The above requirements rule out all existing solutions for short signatures. In this paper, as a feasibility result, we provide the first instantiation of all variants of adjustable signatures based on indistinguishability obfuscation. Our starting point is the state-of-the-art construction by Ramchen and Waters [ACM CCS 2014]. We observe that their scheme fails to meet our requirements for an adjustable signature scheme, and enhance it to obtain adjustable signatures with *shorter* signatures, *faster* signing and *strong* unforgeability. We also employ new proof techniques in order to obtain the above-mentioned notions of security.

For the simpler case where adversarial effort does not grow with the number of forgeries, we also provide a concrete construction based on the BLS signature scheme, by instantiating it using smaller group sizes that yield shorter signature lengths while providing reasonable security. We implement this scheme for various signature sizes and report on its efficiency.

Category / Keywords: public-key cryptography / Digital signatures, indistinguishability obfuscation, bilinear maps

Date: received 1 Jun 2016, last revised 10 Oct 2016

Contact author: xfan at cs cornell edu

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2016/549
