Paper 2017/1197

Reassessing Security of Randomizable Signatures

David Pointcheval and Olivier Sanders

Abstract

The Camenisch-Lysyanskaya (CL) signature is a very popular tool in cryptography, especially among privacy-preserving constructions. Indeed, the latter benefit from its numerous features, such as randomizability. Following the evolution of pairing-based cryptography, with the move from symmetric pairings to asymmetric pairings, Pointcheval and Sanders (PS) proposed at CT-RSA '16 an alternative scheme which improves performance while keeping the same properties. Unfortunately, CL and PS signatures raise concerns in the cryptographic community because they both rely on interactive assumptions that essentially state their EUF-CMA security. This lack of precise security assessment is obviously a barrier to widespread use of these signatures and a reason for preferring other constructions, such as the ones relying on $q$-type assumptions. In this paper, we study more thoroughly the security of these signatures and prove that it actually relies, for both constructions, on simple variants of the $\textsf{SDH}$ assumption, assuming a slight modification of the original constructions. Our work thus shows that the CL and PS signature schemes offer security guarantees similar to those provided by several other constructions using bilinear groups, and so that one can benefit from their interesting features without jeopardizing security.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Major revision. CT-RSA '18
Keywords
bilinear pairings, randomizable signature, computational assumption
Contact author(s)
olivier sanders @ orange com
History
2017-12-18: received
Short URL
https://ia.cr/2017/1197
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/1197,
      author = {David Pointcheval and Olivier Sanders},
      title = {Reassessing Security of Randomizable Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1197},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/1197}},
      url = {https://eprint.iacr.org/2017/1197}
}