Miyako Ohkubo scite author profile

A modular approach for cryptographic protocols leads to a simple design but often inefficient constructions. On the other hand, ad hoc constructions may yield efficient protocols at the cost of losing conceptual simplicity. We suggest structure-preserving commitments and signatures to overcome this dilemma and provide a way to construct modular protocols with reasonable efficiency, while retaining conceptual simplicity. We focus on schemes in bilinear groups that preserve parts of the group structure, which makes it easy to combine them with other primitives such as non-interactive zero-knowledge proofs for bilinear groups. We say that a signature scheme is structure-preserving if its verification keys, signatures, and messages are elements in a bilinear group, and the verification equation is a conjunction of pairing-product equations. If moreover the verification keys lie in the message space, we call them automorphic. We present several efficient instantiations of automorphic and structure-preserving signatures, enjoying various other additional properties, such as simulatability. Among many applications, we give three examples: adaptively secure round-optimal blind signature schemes, a group signature scheme with efficient concurrent join, and an efficient instantiation of anonymous proxy signatures. A further contribution is homomorphic trapdoor commitments to group elements which are also length reducing. In contrast, the messages of previous homomorphic trapdoor commitment schemes are exponents.

show abstract

1-out-of-n Signatures from a Variety of Keys

Abe

2002

View full text Add to dashboard Cite

Abstract. This paper addresses how to use public-keys of several different signature schemes to generate 1-out-of-n signatures. Previously known constructions are for either RSA-keys only or DL-type keys only. We present a widely applicable method to construct a 1-out-of-n signature scheme that allows mixture use of different flavors of keys at the same time. The resulting scheme is more efficient than previous schemes even if it is used only with a single type of keys. With all DL-type keys, it yields shorter signatures than the ones of the previously known scheme based on the witness indistinguishable proofs by Cramer, et. al. With all RSA-type keys, it reduces both computational and storage costs compared to that of the Ring signatures by Rivest, et. al.

show abstract

Optimal Structure-Preserving Signatures in Asymmetric Bilinear Groups

et al. 2011

View full text Add to dashboard Cite

Abstract. Structure-preserving signatures are signatures defined over bilinear groups that rely on generic group operations. In particular, the messages and signatures consist of group elements and the verification of signatures consists of evaluating pairing product equations. Due to their purist nature structure-preserving signatures blend well with other pairingbased protocols. We show that structure-preserving signatures must consist of at least 3 group elements when the signer uses generic group operations. Usually, the generic group model is used to rule out classes of attacks by an adversary trying to break a cryptographic assumption. In contrast, here we use the generic group model to prove a lower bound on the complexity of digital signature schemes. We also give constructions of structure-preserving signatures that consist of 3 group elements only. This improves significantly on previous structure-preserving signatures that used 7 group elements and matches our lower bound. Our structure-preserving signatures have additional nice properties such as strong existential unforgeability and can sign multiple group elements at once.

show abstract

Constant-Size Structure-Preserving Signatures: Generic Constructions and Simple Assumptions

et al. 2015

View full text Add to dashboard Cite

This paper presents efficient structure-preserving signature schemes based on assumptions as simple as Decision-Linear. We first give two general frameworks for constructing fully secure signature schemes from weaker building blocks such as variations of one-time signatures and random-message secure signatures. They can be seen as refinements of the EvenGoldreich-Micali framework, and preserve many desirable properties of the underlying schemes such as constant signature size and structure preservation. We then instantiate them based on simple (i.e., not q-type) assumptions over symmetric and asymmetric bilinear groups. The resulting schemes are structure-preserving and yield constant-size signatures consisting of 11 to 17 group elements, which compares favorably to existing schemes relying on q-type assumptions for their security.

show abstract

Tagged One-Time Signatures: Tight Security and Optimal Tag Size

Abe

David

Kohlweiss

et al. 2013

View full text Add to dashboard Cite

We present an efficient structure-preserving tagged one-time signature scheme with tight security reductions to the decision-linear assumption. Our scheme features short tags consisting of a single group element and gives rise to the currently most efficient structure-preserving signature scheme based on the decision-liner assumption with constant-size signatures of only 14 group elements, where the record-so-far was 17 elements.To demonstrate the advantages of our scheme, we revisit the work by Hofheinz and Jager (CRYPTO 2012) and present the currently most efficient tightly secure public-key encryption scheme. We also obtain the first structure-preserving public-key encryption scheme featuring both tight security and public verifiability.

show abstract

RFID privacy issues and technical challenges

2005

View full text Add to dashboard Cite

show abstract

Converting Cryptographic Schemes from Symmetric to Asymmetric Bilinear Groups

Abe

Groth

Ohkubo³

et al. 2014

View full text Add to dashboard Cite

Unified, Minimal and Selectively Randomizable Structure-Preserving Signatures

Abe

Groth

Ohkubo³

et al. 2014

View full text Add to dashboard Cite

Abstract. We construct a structure-preserving signature scheme that is selectively randomizable and works in all types of bilinear groups. We give matching lower bounds showing that our structure-preserving signature scheme is optimal with respect to both signature size and public verification key size. State of the art structure-preserving signatures in the asymmetric setting consist of 3 group elements, which is known to be optimal. Our construction preserves the signature size of 3 group elements and also at the same time minimizes the verification key size to 1 group element. Depending on the application, it is sometimes desirable to have strong unforgeability and in other situations desirable to have randomizable signatures. To get the best of both worlds, we introduce the notion of selective randomizability where the signer may for specific signatures provide randomization tokens that enable randomization. Our structure-preserving signature scheme unifies the different pairingbased settings since it can be instantiated in both symmetric and asymmetric groups. Since previously optimal structure-preserving signatures had only been constructed in asymmetric bilinear groups this closes an important gap in our knowledge. Having a unified signature scheme that works in all types of bilinear groups is not just conceptually nice but also gives a hedge against future cryptanalytic attacks. An instantiation of our signature scheme in an asymmetric bilinear group may remain secure even if cryptanalysts later discover an efficiently computable homomorphism between the source groups.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Miyako Ohkubo

Structure-Preserving Signatures and Commitments to Group Elements

1-out-of-n Signatures from a Variety of Keys

Optimal Structure-Preserving Signatures in Asymmetric Bilinear Groups

Constant-Size Structure-Preserving Signatures: Generic Constructions and Simple Assumptions

Tagged One-Time Signatures: Tight Security and Optimal Tag Size

RFID privacy issues and technical challenges

Converting Cryptographic Schemes from Symmetric to Asymmetric Bilinear Groups

Unified, Minimal and Selectively Randomizable Structure-Preserving Signatures

Contact Info

Product

Resources

About