A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
SAC '99 Proceedings of the 6th Annual International Workshop on Selected Areas in Cryptography
On the Exact Security of Full Domain Hash
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Optimal Security Proofs for PSS and Other Signature Schemes
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Efficiency improvements for signature schemes with tight security reductions
Proceedings of the 10th ACM conference on Computer and communications security
Programmable Hash Functions and Their Applications
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
An Efficient On-Line/Off-Line Signature Scheme without Random Oracles
CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
How to Prove Security of a Signature with a Tighter Security Reduction
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
Secure hash-and-sign signatures without the random oracle
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Proving tight security for Rabin-Williams signatures
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Tight proofs for signature schemes without random oracles
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Efficient identity-based encryption without random oracles
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Efficient identity-based encryption with tight security reduction
CANS'06 Proceedings of the 5th international conference on Cryptology and Network Security
A practical and tightly secure signature scheme without hash function
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Programmable Hash Functions and Their Applications
Journal of Cryptology
IEEE Transactions on Information Theory - Part 1
IEEE Transactions on Information Theory
Hi-index | 0.00 |
Waters signatures (Eurocrypt 2005) can be shown existentially unforgeable under chosen-message attacks under the assumption that the computational Diffie-Hellman problem in the underlying (pairing-friendly) group is hard. The corresponding security proof has a reduction loss of O (ℓ·q ), where ℓ is the bitlength of messages, and q is the number of adversarial signature queries. The original reduction could meanwhile be improved to $O(\sqrt{\ell}\cdot q)$ (Hofheinz and Kiltz, Crypto 2008); however, it is currently unknown whether a better reduction exists. We answer this question as follows: We give a simple modification of Waters signatures, where messages are encoded such that each two encoded messages have a suitably large Hamming distance. Somewhat surprisingly, this simple modification suffices to prove security under the CDH assumption with a reduction loss of O (q ). We also show that any black-box security proof for a signature scheme with re-randomizable signatures must have a reduction loss of at least Ω(q ), or the underlying hardness assumption is false. Since both Waters signatures and our variant from (a) are re-randomizable, this proves our reduction from (a) optimal up to a constant factor. Understanding and optimizing the security loss of a cryptosystem is important to derive concrete parameters, such as the size of the underlying group. We provide a complete picture for Waters-like signatures: there is an inherent lower bound for the security loss, and we show how to achieve it.