## Cryptology ePrint Archive: Report 2017/025

Improved Structure Preserving Signatures under Standard Bilinear Assumptions

Charanjit S. Jutla and Arnab Roy

Abstract: We show that the recent structure-preserving signature (SPS) scheme of Kiltz, Pan and Wee [CRYPTO 2015], provably secure under the standard bilinear pairings group assumption SXDH, can be improved to have one less group element and one less pairing product equation in the signature verification step. Our improved SPS scheme only requires six group elements (five in one group, and one in the other), and two pairing product equations for verification. The number of pairing product equations is optimal, as it matches a known lower bound of Abe et al [CRYPTO 2011]. The number of group elements in the signature also approaches the known lower bound of four for SXDH assumption. Further, while the earlier scheme had a security reduction which incurred a security loss that is quadratic in number of queries $Q$, our novel security reduction incurs only a $Q \log{Q}$ factor loss in security.

Structure-preserving signatures are used pervasively in group signatures, group encryptions, blind signatures, proxy signatures and many other anonymous credential applications. Our work directly leads to improvements in these schemes. Moreover, the improvements are usually of a higher multiplicative factor order, as these constructions use Groth-Sahai NIZK proofs for zero-knowledge verification of pairing-product equations.

We also give our construction under the more general and standard $\D_k$-MDDH (Matrix-DDH) assumption. The signature size in our scheme is $3k+2$ elements in one group, and one element in the other. The number of pairing product equations required for verification is only $2k$, whereas the earlier schemes required at least $2k+1$ equations.

Category / Keywords: QA-NIZK, SXDH, MDDH, group signatures, blind signatures, Cramer-Shoup encryption

Original Publication (in the same form): IACR-PKC-2017

Date: received 10 Jan 2017, last revised 11 Jan 2017

Contact author: csjutla at us ibm com, arnabr@gmail com

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2017/025

[ Cryptology ePrint archive ]