Chethan Kamath

Practical Round-Optimal Blind Signatures in the Standard Model from Weaker Assumptions

At Crypto 2015 Fuchsbauer, Hanser and Slamanig FHS presented the first standard-model construction of efficient round-optimal blind signatures that does not require complexity leveraging. It is conceptually simple and builds on the primitive of structure-preserving signatures on equivalence classes SPS-EQ. FHS prove the unforgeability of their scheme assuming EUF-CMA security of the SPS-EQ scheme and hardness of a version of the DH inversion problem. Blindness under adversarially chosen keys is proven under an interactive variant of the DDH assumption. We propose a variant of their scheme whose blindness can be proven under a non-interactive assumption, namely a variant of the bilinear DDH assumption. We moreover prove its unforgeability assuming only unforgeability of the underlying SPS-EQ but no additional assumptions as needed for the FHS scheme.

Galindo-Garcia identity-based signature revisited

In Africacrypt 2009, Galindo-Garcia [12] proposed a lightweight identity-based signature (IBS) scheme based on the Schnorr signature. The construction is simple and claimed to be the most efficient IBS till date. The security is based on the discrete-log assumption and the security argument consists of two reductions:

Be Adaptive, Avoid Overcommitting

\mathcal{B}_{1}

A Closer Look at Multiple Forking: Leveraging (In)Dependence for a Tighter Bound

and

Private set-intersection with common set-up

\mathcal{B}_{2}

From Selective-ID to Full-ID IBS without Random Oracles

, both of which use the multiple-forking lemma [4] to solve the discrete-log problem (DLP). In this work, we revisit the security argument given in [12]. Our contributions are two fold: (i) we identify several problems in the original argument and (ii) we provide a detailed new security argument which allows significantly tighter reductions. In particular, we show that the reduction

On the Complexity of Scrypt and Proofs of Space in the Parallel Random Oracle Model

\mathcal{B}_{1}

On the Memory-Hardness of Data-Independent Password-Hashing Functions.

in [12] fails in the standard security model for IBS [1], while the reduction

On the Memory-Hardness of Data-Independent Password-Hashing Functions

\mathcal{B}_{2}

Adaptively Secure Proxy Re-encryption.

is incomplete. To remedy these problems, we adopt a two-pronged approach. First, we sketch ways to fill the gaps by making minimal changes to the structure of the original security argument; then, we provide a new security argument. The new argument consists of three reductions: