Generic Transformation for Signatures in the Continual Leakage Model

Yuyu WANG  Keisuke TANAKA  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E100-A   No.9   pp.1857-1869
Publication Date: 2017/09/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E100.A.1857
Type of Manuscript: Special Section PAPER (Special Section on Discrete Mathematics and Its Applications)
generic transformation,  strong existential unforgeability,  continual leakage model,  continuous leakage resilient chameleon hash function,  

Full Text: PDF(623.4KB)
>>Buy this Article

In ProvSec 2014, Wang and Tanaka proposed a transformation which converts weakly existentially unforgeable (wEUF) signature schemes into strongly existentially unforgeable (sEUF) ones in the bounded leakage model. To obtain the construction, they combined leakage resilient (LR) chameleon hash functions with the Generalised Boneh-Shen-Waters (GBSW) transformation proposed by Steinfeld, Pieprzyk, and Wang. However, their transformation cannot be used in a more realistic model called continual leakage model since secret keys of LR chameleon hash functions cannot be updated. In this paper, we propose a transformation which can convert wEUF signature schemes into sEUF ones in the continual leakage model. To achieve our goal, we give a new definition of continuous leakage resilient (CLR) chameleon hash function and construct it based on the CLR signature scheme proposed by Malkin, Teranishi, Vahlis, and Yung. Although our CLR chameleon hash functions satisfy the property of strong collision-resistance, due to the existence of the updating algorithm, an adversary may find the kind of collisions such that messages are the same but randomizers are different. Hence, we cannot combine our chameleon hash functions with the GBSW transformation directly, or the sEUF security of the transformed signature schemes cannot be achieved. To solve this problem, we improve the original GBSW transformation by making use of the Groth-Sahai proof system and then combine it with CLR chameleon hash functions.