Short and Adjustable Signatures

Motivated by the problem of one-time password generation, we introduce the notion of adjustable signature schemes that allow the length of a signature to be adjusted—at the setup, signing or verification stages, depending on the application. We provide security definitions that precisely capture the trade-off between signature length and security for such schemes. We then provide both concrete and general feasibility results. As a feasibility result, we provide the first instantiation of all variants of adjustable signatures based on indistinguishability obfuscation. Our starting point is the state-of-the-art construction by Ramchen and Waters [CCS 2014]. We observe that their scheme fails to meet our requirements for an adjustable signatures scheme, and enhance it to obtain shorter (and adjustable) signatures, faster signing and strong unforgeability. For the simpler case of setup-adjustable signatures, we also provide a concrete construction based on the BLS signature scheme, by instantiating it using smaller group sizes that yield shorter signature lengths while providing reasonable security. We implement this scheme for various signature sizes an report on its efficiency.