Equivocal blind signatures and adaptive UC-security

Authors:
Aggelos Kiayias;Hong-Sheng Zhou
Affiliations:
Computer Science and Engineering, University of Connecticut, Storrs, CT;Computer Science and Engineering, University of Connecticut, Storrs, CT
Venue:
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Year:
2008

Citing 25
Cited 9

A digital signature scheme secure against adaptive chosen-message attacks

SIAM Journal on Computing - Special issue on cryptography
Divertible zero knowledge interactive proofs and commutative random self-reducibility

EUROCRYPT '89 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Adaptive zero knowledge and computational equivocation (extended abstract)

STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
New blind signatures equivalent to factorization (extended abstract)

Proceedings of the 4th ACM conference on Computer and communications security
Universally composable two-party and multi-party secure computation

STOC '02 Proceedings of the thiry-fourth annual ACM symposium on Theory of computing
Payment Systems and Credential Mechanisms with Provable Security Against Abuse by Individuals

CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes

CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Security of Blind Digital Signatures (Extended Abstract)

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Provably Secure Blind Signature Schemes

ASIACRYPT '96 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Threshold Signatures, Multisignatures and Blind Signatures Based on the Gap-Diffie-Hellman-Group Signature Scheme

PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Perfect Hiding and Perfect Binding Universally Composable Commitment Schemes with Constant Expansion Factor

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Bounded-concurrent secure two-party computation without setup assumptions

Proceedings of the thirty-fifth annual ACM symposium on Theory of computing
Universally Composable Security: A New Paradigm for Cryptographic Protocols

FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
Strengthening Zero-Knowledge Protocols Using Signatures

Journal of Cryptology
Public-key cryptosystems based on composite degree residuosity classes

EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Efficient concurrent zero-knowledge in the auxiliary string model

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Concurrently-secure blind signatures without random oracles or setup assumptions

TCC'07 Proceedings of the 4th conference on Theory of cryptography
Universally-composable two-party computation in two rounds

CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Efficient blind signatures without random oracles

SCN'04 Proceedings of the 4th international conference on Security in Communication Networks
Relaxing environmental security: monitored functionalities and client-server computation

TCC'05 Proceedings of the Second international conference on Theory of Cryptography
Concurrent blind signatures without random oracles

SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
Round-optimal composable blind signatures in the common reference string model

CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Perfect non-interactive zero knowledge for NP

EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Efficient blind and partially blind signatures without random oracles

TCC'06 Proceedings of the Third conference on Theory of Cryptography
Trading static for adaptive security in universally composable zero-knowledge

ICALP'07 Proceedings of the 34th international conference on Automata, Languages and Programming

Security of Blind Signatures under Aborts

Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
A Framework for Universally Composable Non-committing Blind Signatures

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Impossibility of blind signatures from one-way permutations

TCC'11 Proceedings of the 8th conference on Theory of cryptography
Round optimal blind signatures

CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
A framework for universally composable non-committing blind signatures

International Journal of Applied Cryptography
On the impossibility of three-move blind signature schemes

EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
A framework for universally composable non-committing blind signatures

International Journal of Applied Cryptography
Practical round-optimal blind signatures without random oracles or non-interactive zero-knowledge proofs

Security and Communication Networks
Security of blind signatures revisited

PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

We study the design of adaptively secure blind signatures in the universal composability (UC) setting. First, we introduce a new property for blind signature schemes that is suitable for arguing security against adaptive adversaries: an equivocal blind signature is a blind signature where there exists a simulator that has the power of making signing transcripts correspond to any message signature pair. Second, we present a general construction methodology for building adaptively secure blind signatures: the starting point is a 2-move "equivocal lite blind signature", a lightweight 2-party signature protocol that we formalize and implement both generically as well as concretely; formalizing a primitive as "lite" means that the adversary is required to show all private tapes of adversarially controlled parties; this enables us to conveniently separate zero-knowledge (ZK) related security requirements from the remaining security properties in the blind signature design methodology. Next, we focus on the suitable ZK protocols for blind signatures. We formalize two special ZK ideal functionalities, single-verifier-ZK (SVZK) and singleprover-ZK (SPZK), both special cases of multi-session ZK that may be of independent interest, and we investigate the requirements for realizing them in a commit-and-prove fashion as building blocks for adaptively secure UC blind signatures. Regarding SPZK we find the rather surprising result that realizing it only against static adversaries is sufficient to obtain adaptive security for UC blind signatures. We instantiate all the building blocks of our design methodology both generically based on the blind signature construction of Fischlin as well as concretely based on the 2SDH assumption of Okamoto, thus demonstrating the feasibility and practicality of our approach. The latter construction yields the first practical UC blind signature that is secure against adaptive adversaries. We also present a new more general modeling of the ideal blind signature functionality.