Identity-based cryptosystems and signature schemes
Proceedings of CRYPTO 84 on Advances in cryptology
How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Efficient Identity Based Signature Schemes Based on Pairings
SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
On the Exact Security of Full Domain Hash
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
A "Paradoxical" Indentity-Based Signature Scheme Resulting from Zero-Knowledge
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
An Identity-Based Signature from Gap Diffie-Hellman Groups
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Multi-signatures in the plain public-Key model and a general forking lemma
Proceedings of the 13th ACM conference on Computer and communications security
Deterministic Identity-Based Signatures for Partial Aggregation
The Computer Journal
A Schnorr-Like Lightweight Identity-Based Signature Scheme
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
Prevention of Man-in-the-Middle Attacks Using ID Based Signatures
ICNDC '11 Proceedings of the 2011 Second International Conference on Networking and Distributed Computing
Identity-based deterministic signature scheme without forking-lemma
IWSEC'11 Proceedings of the 6th International conference on Advances in information and computer security
Boneh-Franklin identity based encryption revisited
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
Secure Proxy Signature Schemes for Delegation of Signing Rights
Journal of Cryptology
One-round identity-based key exchange with Perfect Forward Security
Information Processing Letters
| Hi-index | 0.00 |
In Africacrypt 2009, Galindo-Garcia [12] proposed a lightweight identity-based signature (IBS) scheme based on the Schnorr signature. The construction is simple and claimed to be the most efficient IBS till date. The security is based on the discrete-log assumption and the security argument consists of two reductions: $\mathcal{B}_{1}$ and $\mathcal{B}_{2}$, both of which use the multiple-forking lemma [4] to solve the discrete-log problem (DLP). In this work, we revisit the security argument given in [12]. Our contributions are two fold: (i) we identify several problems in the original argument and (ii) we provide a detailed new security argument which allows significantly tighter reductions. In particular, we show that the reduction $\mathcal{B}_{1}$ in [12] fails in the standard security model for IBS [1], while the reduction $\mathcal{B}_{2}$ is incomplete. To remedy these problems, we adopt a two-pronged approach. First, we sketch ways to fill the gaps by making minimal changes to the structure of the original security argument; then, we provide a new security argument. The new argument consists of three reductions: $\mathcal{R}_{1}$, $\mathcal{R}_{2}$ and $\mathcal{R}_{3}$ and in each of them, solving the DLP is reduced to breaking the IBS. $\mathcal{R}_{1}$ uses the general forking lemma [2] together with the programming of the random oracles and Coron's technique [8]. Reductions $\mathcal{R}_{2}$ and $\mathcal{R}_{3}$, on the other hand, use the multiple-forking lemma along with the programming of the random oracles. We show that the reductions $\mathcal{R}_{1}$ and $\mathcal{R}_{2}$ are significantly tighter than their original counterparts.