Reassessing Security of Randomizable Signatures

Abstract : The Camenisch-Lysyanskaya (CL) signature is a very popular tool in cryptography, especially among privacy-preserving constructions. Indeed, the latter benefit from their numerous features such as randomizability. Following the evolution of pairing-based cryptography, with the move from symmetric pairings to asymmetric pairings, Pointcheval and Sanders (PS) proposed at CT-RSA ’16 an alternative scheme which improves performances while keeping the same properties. Unfortunately, CL and PS signatures raise concerns in the cryptographic community because they both rely on interactive assumptions that essentially state their EUF-CMA security. This lack of precise security assessment is obviously a barrier to a widespread use of these signatures and a reason for preferring other constructions, such as the ones relying on q-type assumptions. In this paper, we study more thoroughly the security of these signatures and prove that it actually relies, for both constructions, on simple variants of the SDH assumption, assuming a slight modification of the original constructions. Our work thus shows that the CL and PS signature schemes offer similar security guarantees as those provided by several other constructions using bilinear groups, and so that one can benefit from their interesting features without jeopardizing security.
Document type :
Conference papers
Complete list of metadatas

https://hal.inria.fr/hal-01903717
Contributor : David Pointcheval <>
Submitted on : Wednesday, October 24, 2018 - 3:36:57 PM
Last modification on : Saturday, November 9, 2019 - 4:30:12 PM

Identifiers

Collections

Citation

David Pointcheval, Olivier Sanders. Reassessing Security of Randomizable Signatures. CT-RSA 2018 - The Cryptographers' Track at the RSA Conference 2018, Apr 2018, San Francisco, United States. ⟨10.1007/978-3-319-76953-0_17⟩. ⟨hal-01903717⟩

Share

Metrics

Record views

56