Full Domain Hash from (Leveled) Multilinear Maps and Identity-Based Aggregate Signatures
Authors
Abstract
In this work, we explore building constructions with full domain hash structure, but with standard model proofs that do not employ the random oracle heuristic. The launching point for our results will be the utilization of a “leveled” multilinear map setting for which Garg, Gentry, and Halevi (GGH) recently gave an approximate candidate. Our first step is the creation of a standard model signature scheme that exhibits the structure of the Boneh, Lynn and Shacham signatures. In particular, this gives us a signature that admits unrestricted aggregation. We build on this result to offer the first identity-based aggregate signature scheme that admits unrestricted aggregation. In our construction, an arbitrary-sized set of signatures on identity/message pairs can be aggregated into a single group element, which authenticates the entire set. The identity-based setting has important advantages over regular aggregate signatures in that it eliminates the considerable burden of having to store, retrieve or verify a set of verification keys, and minimizes the total cryptographic overhead that must be attached to a set of signer/message pairs. While identity-based signatures are trivial to achieve, their aggregate counterparts are not. To the best of our knowledge, no prior candidate for realizing unrestricted identity-based aggregate signatures exists in either the standard or random oracle models. A key technical idea underlying these results is the realization of a hash function with a Naor-Reingold-type structure that is publicly computable using repeated application of the multilinear map. We present our results in a generic “leveled” multilinear map setting and then show how they can be translated to the GGH graded algebras analogue of multilinear
⋆ Supported by the National Science Foundation (NSF) CNS-1154035, CNS-1228443; the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL) under contract FA8750-11-2-0211, the Office of Naval Research under contract N00014-11-1-0470, and a Microsoft Faculty Fellowship.
⋆⋆ Research supported in part from a DARPA/ONR PROCEED award, NSF grants 1228984, 1136174, 1118096, 1065276, 0916574 and 0830803, a Xerox Faculty Research Award, a Google Faculty Research Award, an equipment grant from Intel, and an Okawa Foundation Research Grant. This material is based upon work supported by the Defense Advanced Research Projects Agency through the U.S. Office of Naval Research under Contract N00014-11-1-0389.
⋆⋆⋆ Supported by NSF CNS-0915361, CNS-0952692, CNS-1228599; DARPA through the U.S. Office of Naval Research under Contract N00014-11-1-0382, DARPA N11AP20006, a Google Faculty Research Award, an Alfred P. Sloan Fellowship, a Microsoft Faculty Fellowship, and a Packard Foundation Fellowship. Applying to all authors, the views expressed are those of the authors and do not reflect the official policy or position of the Department of Defense, the National Science Foundation, or the U.S. Government.
Similar resources
Identity-Based Key-Encapsulation Mechanism from Multilinear Maps
We construct an Identity-Based Key Encapsulation Mechanism (IBKEM) in a generic “leveled” multilinear map setting and prove its security under the multilinear decisional Diffie-Hellman assumption in the selective-ID model. Then, we translate our IB-KEM to the GGH framework, which defined an “approximate” version of a multilinear group family from ideal lattices, and modify our proof of secu...
ID-based Proxy Re-signature with Aggregate Property
Recently, Garg et al. proposed an approximate candidate of a leveled multi-linear map that can be used for unrestricted aggregation. In this work, we explore building a construction of ID-based proxy re-signature with aggregate property, which has many applications. Our construction utilizes the full domain hash structure from multi-linear maps proposed by Hohenberger et al. In particular, Hohenberg...
Programmable Hash Functions in the Multilinear Setting
We adapt the concept of a programmable hash function (PHF, Crypto 2008) to a setting in which a multilinear map is available. This enables new PHFs with previously unachieved parameters. To demonstrate their usefulness, we show how our (standard-model) PHFs can replace random oracles in several well-known cryptographic constructions. Namely, we obtain standard-model versions of the BonehFrankli...
Efficient Key-policy Attribute-based Encryption for General Boolean Circuits from Multilinear Maps
We propose an efficient Key-policy Attribute-based Encryption (KP-ABE) scheme for general (monotone) Boolean circuits based on secret sharing and on a very particular and simple form of leveled multilinear maps, called chained multilinear maps. The number of decryption key components is substantially reduced in comparison with the scheme in [6], and the size of the multilinear map (in terms of ...
Security Analysis of the Unrestricted Identity-Based Aggregate Signature Scheme
Aggregate signatures allow anyone to combine different signatures signed by different signers on different messages into a short signature. An ideal aggregate signature scheme is an identity-based aggregate signature (IBAS) scheme that supports full aggregation since it can reduce the total transmitted data by using an identity string as a public key and anyone can freely aggregate different si...