A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Practical multi-candidate election system
Proceedings of the twentieth annual ACM symposium on Principles of distributed computing
Provably Secure Blind Signature Schemes
ASIACRYPT '96 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
The Power of RSA Inversion Oracles and the Security of Chaum's RSA-Based Blind Signature Scheme
FC '01 Proceedings of the 5th International Conference on Financial Cryptography
Round-Optimal Blind Signatures from Waters Signatures
ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
Proofs on Encrypted Values in Bilinear Groups and an Application to Anonymity of Signatures
Pairing '09 Proceedings of the 3rd International Conference Palo Alto on Pairing-Based Cryptography
Randomizable Proofs and Delegatable Anonymous Credentials
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
Efficient non-interactive proof systems for bilinear groups
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Structure-preserving signatures and commitments to group elements
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Signatures on randomizable ciphertexts
PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Efficient identity-based encryption without random oracles
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Round-optimal composable blind signatures in the common reference string model
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Compact group signatures without random oracles
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Non-interactive zero-knowledge from homomorphic encryption
TCC'06 Proceedings of the Third conference on Theory of Cryptography
Signatures on randomizable ciphertexts
PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Commuting signatures and verifiable encryption
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Short signatures from weaker assumptions
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Traceable signature with stepping capabilities
Cryptography and Security
Round-Optimal privacy-preserving protocols with smooth projective hash functions
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Compact round-optimal partially-blind signatures
SCN'12 Proceedings of the 8th international conference on Security and Cryptography for Networks
Efficient signatures of knowledge and DAA in the standard model
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
Journal of Computer Security - Advances in Security for Communication Networks
Hi-index | 0.00 |
Randomizable encryption allows anyone to transform a ciphertext into a fresh ciphertext of the same message. Analogously, a randomizable signature can be transformed into a new signature on the same message. We combine randomizable encryption and signatures to a new primitive as follows: given a signature on a ciphertext, anyone, knowing neither the signing key nor the encrypted message, can randomize the ciphertext and adapt the signature to the fresh encryption, thus maintaining public verifiability. Moreover, given the decryption key and a signature on a ciphertext, one can compute ("extract") a signature on the encrypted plaintext. As adapting a signature to a randomized encryption contradicts the standard notion of unforgeability, we introduce a weaker notion stating that no adversary can, after querying signatures on ciphertexts of its choice, output a signature on an encryption of a new message. This is reasonable since, due to extractability, a signature on an encrypted message can be interpreted as an encrypted signature on the message. Using Groth-Sahai proofs and Waters signatures, we give several instantiations of our primitive and prove them secure under classical assumptions in the standard model and the CRS setting. As an application, we show how to construct an efficient non-interactive receipt-free universally verifiable e-voting scheme. In such a scheme a voter cannot prove what his vote was, which precludes vote selling. Besides, our primitive also yields an efficient round-optimal blind signature scheme based on standard assumptions, and namely for the classical Waters signature.