Journal of Computer Security - Advances in Security for Communication Networks
At Eurocrypt 2010, Freeman proposed a transformation from pairing-based schemes in composite-order bilinear groups to equivalent ones in prime-order bilinear groups. His transformation can be applied to pairing-based cryptosystems that exploit only one of two properties of composite-order bilinear groups: cancelling and projecting. At Asiacrypt 2010, Meiklejohn, Shacham, and Freeman showed that prime-order bilinear groups built according to Freeman's construction cannot have both properties simultaneously, except with negligible probability, and, as an instance of an implausible conversion, proposed a (partially) blind signature scheme whose security proof exploits both the cancelling and projecting properties of composite-order bilinear groups. In this paper, we invalidate their evidence by presenting a security proof of the prime-order version of their blind signature scheme. Our security proof follows a different strategy and exploits only the projecting property. Instead of the cancelling property, a new property of prime-order bilinear groups, which we call translating and whose existence was not known in composite-order bilinear groups, plays an important role in the security proof. With this proof, we obtain a 2-move (i.e., round-optimal) (partially) blind signature scheme (without random oracles) based on the decisional linear assumption in the common reference string model, which is of independent interest. As the second contribution of this paper, we construct prime-order bilinear groups that possess both the cancelling and projecting properties at the same time by considering more general base groups. That is, we take a rank-$n$ $\mathbb{Z}_p$-submodule of $\mathbb{Z}_p^{n^2}$, instead of $\mathbb{Z}_p^n$, to be a base group $G$, and consider the projections into its rank-1 submodules. We show that the subgroup decision assumption on this base group $G$ holds in the generic bilinear group model for $n=2$, and provide an efficient membership-checking algorithm for $G$, which was trivial in the previous setting.
Consequently, it is still open whether there exists a cryptosystem on composite-order bilinear groups that cannot be constructed on prime-order bilinear groups.