Realizing Hash-and-Sign Signatures under Standard Assumptions

@article{Hohenberger2009RealizingHS,
  title={Realizing Hash-and-Sign Signatures under Standard Assumptions},
  author={Susan Hohenberger and Brent Waters},
  journal={IACR Cryptol. ePrint Arch.},
  year={2009},
  volume={2009},
  pages={28}
}
Currently, there are relatively few instances of "hash-and-sign" signatures in the standard model. Moreover, most current instances rely on strong and less studied assumptions such as the Strong RSA and q -Strong Diffie-Hellman assumptions. In this paper, we present a new approach for realizing hash-and-sign signatures in the standard model. In our approach, a signer associates each signature with an index i that represents how many signatures that signer has issued up to that point. Then, to… 
Short Signatures From Weaker Assumptions
TLDR
This work proposes new and efficient constructions of digital signature schemes from weaker assumptions, i.e., from the (standard, non-strong) RSA and the ( standard,Non-Strong) q-Diffie-Hellman assumptions, and offers interesting tradeoffs between efficiency/signature length and the size of the public-keys.
Short and Stateless Signatures from the RSA Assumption
TLDR
This work presents the first signature scheme which is "short", stateless and secure under the RSA assumption in the standard model, and introduces a new proof technique for reasoning about weakly-secure signatures.
Twin Signature Schemes, Revisited
TLDR
This paper presents a new twin signature scheme that is based on the Strong Diffie-Hellman (SDH) assumption in bilinear groups and allows for very short signatures and key material and proves this new scheme secure under adaptive chosen message attacks.
A Framework for Efficient Signatures, Ring Signatures and Identity Based Encryption in the Standard Model
TLDR
This work shows a transformation taking a signature scheme with a very weak security guarantee and producing a fully secure signature scheme, and shows that ring trapdoor functions imply ring signatures under a weak definition, which enables the transformation to achieve full security.
Short lattice signatures with constant-size public keys
TLDR
This paper proposes a new method for constructing short lattice signatures with constant-size public keys in the standard model, and introduces a new hard lattice problem, called variant small integer solution (Variant-SIS), and gives the security reduction from smallinteger solution to Variant-S IS.
Tight Proofs for Signature Schemes without Random Oracles
TLDR
This work obtains very efficient SDH-based variants of the Cramer-Shoup, Fischlin, and Zhu signature scheme and the first tight security proof of the recent Camenisch-Lysyanskaya scheme that was proposed and proven secure under the SDH assumption.
Short Signatures From Diffie-Hellman: Realizing Short Public Key
  • Jae Hong Seo
  • Computer Science, Mathematics
    IACR Cryptol. ePrint Arch.
  • 2012
TLDR
This paper proposes short signatures from the DH assumption, which has a sublinear size public key, and develops a new technique for asymmetric trade between the public key size and the signature size.
Confined Guessing: New Signatures From Standard Assumptions
TLDR
A new technique to construct very efficient and compact signature schemes based on the computational Diffie–Hellman (CDH) assumption in pairing-friendly groups and is the first fully secure CDH-based scheme with such compact verification keys.
A Constant-Size Signature Scheme with Tighter Reduction from CDH Assumption
TLDR
A signature scheme with the tightest security-reduction among known constant-size signature schemes secure under the computational Diffie-Hellman (CDH) assumption, revisiting the non-re-randomizable signature scheme proposed by Bohl et al.
Tightly-Secure Signatures from Chameleon Hash Functions
TLDR
This work shows that any Chameleon Hash function can be transformed into a (binary) tree-based signature scheme with tight security and obtains the first tightly secure signature scheme from the SIS assumption and several schemes based on Diffie-Hellman in the standard model.
...
...

References

SHOWING 1-10 OF 41 REFERENCES
Secure Hash-and-Sign Signatures Without the Random Oracle
TLDR
A new signature scheme is presented which is existentially unforgeable under chosen message attacks, assuming some variant of the RSA conjecture, and is unique in that the assumptions made on the cryptographic hash function in use are well defined and reasonable.
New Generation of Secure and Practical RSA-Based Signatures
TLDR
Under an appropriate assumption about RSA, the scheme is proven to be not existentially forgeable under adaptively chosen message attacks and presented a digital signature that offers both proven security and practical value.
Efficient Signature Schemes with Tight Reductions to the Diffie-Hellman Problems
TLDR
Two efficient signature schemes whose security is tightly related to the Diffie-Hellman problems in the random oracle model are proposed and analyzed and can currently offer substantially better efficiency than existing schemes based on the discrete logarithm assumption.
Identity-Based Chameleon Hash and Applications
TLDR
This paper uses the identity-based chameleon hashing scheme to build the id-basedchameleon signature and a novel sealed-bid auction scheme that is robust, communication efficient (bidders send a single message), and secure under a particular trust model.
A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks
TLDR
A digital signature scheme based on the computational difficulty of integer factorization possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice cannot later forge the signature of even a single additional message.
One-way functions are necessary and sufficient for secure signatures
  • J. Rompel
  • Computer Science, Mathematics
    STOC '90
  • 1990
TLDR
This paper is interested in signature schemes which are secure agMnst existential forgery under adaptive chosen message attacks, and the existence of trapdoor permutations can be shown to be necessary and sufficient for secure encryption schemes.
Signature Schemes and Anonymous Credentials from Bilinear Maps
TLDR
This work proposes a new and efficient signature scheme that is provably secure in the plain model and provides efficient protocols that allow one to prove in zero-knowledge the knowledge of a signature on a committed (or encrypted) message and to obtain a signatureon a committed message.
A Signature Scheme with Efficient Protocols
TLDR
This paper proposes a practical and provably secure signature scheme and shows protocols for issuing a signature on a committed value (so the signer has no information about the signed value), and for proving knowledge of a signing on a commit value.
Short Signatures Without Random Oracles
TLDR
A short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles, which depends on a new complexity assumption the authors call the Strong Diffie-Hellman assumption.
Two Remarks Concerning the Goldwasser-Micali-Rivest Signature Scheme
TLDR
The Goldwasser-Micali-Rivest Signature Scheme can be made totally "memoryless", and the original implementation of the GMR scheme based on factoring, can be speeded-up by a factor of |N|.
...
...