New Paradigms in Signature Schemes

نویسندگان

  • Hovav Shacham
  • Dan Boneh
چکیده

Digital signatures provide authenticity and nonrepudiation. They are a standard cryptographic primitive with many applications in higher-level protocols. Groups featuring a computable bilinear map are particularly well suited for signature-related primitives. For some signature variants the only construction known uses bilinear maps. Where constructions based on, e.g., RSA are known, bilinear-map–based constructions are simpler, more efficient, and yield shorter signatures. We describe several constructions that support this claim. First, we present the Boneh-Lynn-Shacham (BLS) short signature scheme. BLS signatures with 1024-bit security are 160 bits long, the shortest of any scheme based on standard assumptions. Second, we present Boneh-Gentry-Lynn-Shacham (BGLS) aggregate signatures. In an aggregate signature scheme it is possible to combine n signatures on n distinct messages from n distinct users into a single aggregate that provides nonrepudiation for all of them. BGLS aggregates are 160 bits long, regardless of how many signatures are aggregated. No construction is known for aggregate signatures that does not employ bilinear maps. BGLS aggregates give rise to verifiably encrypted signatures, a signature variant with applications in contract signing. Third, we present Boneh-Boyen-Shacham (BBS) group signatures. Group signatures provide anonymity for signers. Any member of the group can sign messages, but the resulting signature keeps the signer’s identity secret. Only the group manager can trace the signature, undoing its anonymity, using a special trapdoor. BBS group signatures are 1443 bits long, shorter than any previous scheme by an order of magnitude. The signing operation is also an order of magnitude more efficient than in previous schemes. Finally, we consider variants and extensions of the BBS group signature scheme, including a group signature with a novel revocation mechanism that we call verifier-local revocation (VLR). In a VLR group signature, messages announcing the revocation of some users need only be processed by the verifiers; the signers are stateless. We present the Boneh-Shacham VLR group signature scheme, which has signatures even shorter than in BBS.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Convertible limited (multi-) verifier signature: new constructions and applications

A convertible limited (multi-) verifier signature (CL(M)VS) provides controlled verifiability and preserves the privacy of the signer. Furthermore, limited verifier(s) can designate the signature to a third party or convert it into a publicly verifiable signature upon necessity. In this proposal, we first present a generic construction of convertible limited verifier signature (CLVS) into which...

متن کامل

Double voter perceptible blind signature based electronic voting protocol

Mu et al. have proposed an electronic voting protocol and claimed that it protects anonymity of voters, detects double voting and authenticates eligible voters. It has been shown that it does not protect voter's privacy and prevent double voting. After that, several schemes have been presented to fulfill these properties. However, many of them suffer from the same weaknesses. In this p...

متن کامل

Generic Security-Amplifying Methods of Ordinary Digital Signatures

Digital signatures are one of the most fundamental primitives in cryptography. In this paper, three new paradigms are proposed to obtain signatures that are secure against existential forgery under adaptively chosen message attacks (fully-secure, in short), from any weakly-secure signature. These transformations are generic, simple, and provably secure in the standard model. In the first paradi...

متن کامل

Generic Construction of (Identity-Based) Perfect Concurrent Signatures

The notion of concurrent signatures was recently introduced by Chen, Kudla and Paterson. In concurrent signature schemes, two entities can produce two signatures that are not binding, until one of the parties releases an extra piece of information (namely the keystone). Subsequently, it was noted that the concurrent signature scheme proposed in the seminal paper cannot provide perfect ambiguity...

متن کامل

The Hierarchy of Key Evolving Signatures and a Characterization of Proxy Signatures

For the last two decades the notion and implementations of proxy signatures have been used to allow transfer of digital signing power within some context (in order to enable flexibility of signers within organizations and among entities). On the other hand, various notions of the key-evolving signature paradigms (forward-secure, key-insulated, and intrusion-resilient signatures) have been sugge...

متن کامل

Hybrid Cryptography

This paper considers the idea that other schemes besides asymmetric encryption schemes can benefit from a formalisation of the principles of hybrid cryptography. The main focus of research in hybrid cryptography has been in producing efficient asymmetric encryption schemes. Not only have several schemes been proposed, but also a generic method of constructing hybrid encryption schemes from lowe...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2005