A Strongly Unforgeable Signature under the CDH Assumption without Collision Resistant Hash Functions

Takahiro MATSUDA  Nuttapong ATTRAPADUNG  Goichiro HANAOKA  Kanta MATSUURA  Hideki IMAI  

IEICE TRANSACTIONS on Information and Systems   Vol.E91-D   No.5   pp.1466-1476
Publication Date: 2008/05/01
Online ISSN: 1745-1361
DOI: 10.1093/ietisy/e91-d.5.1466
Print ISSN: 0916-8532
Type of Manuscript: Special Section PAPER (Special Section on Information and Communication System Security)
Category: Cryptographic Techniques
digital signature,  strong unforgeability,  target collision resistant hash function,  standard model,  

Full Text: PDF>>
Buy this Article

Unforgeability of digital signatures is closely related to the security of hash functions since hashing messages, such as hash-and-sign paradigm, is necessary in order to sign (arbitrarily) long messages. Recent successful collision finding attacks against practical hash functions would indicate that constructing practical collision resistant hash functions is difficult to achieve. Thus, it is worth considering to relax the requirement of collision resistance for hash functions that is used to hash messages in signature schemes. Currently, the most efficient strongly unforgeable signature scheme in the standard model which is based on the CDH assumption (in bilinear groups) is the Boneh-Shen-Waters (BSW) signature proposed in 2006. In their scheme, however, a collision resistant hash function is necessary to prove its security. In this paper, we construct a signature scheme which has the same properties as the BSW scheme but does not rely on collision resistant hash functions. Instead, we use a target collision resistant hash function, which is a strictly weaker primitive than a collision resistant hash function. Our scheme is, in terms of the signature size and the computational cost, as efficient as the BSW scheme.