# Short Signatures from the Weil Pairing

@article{Boneh2004ShortSF, title={Short Signatures from the Weil Pairing}, author={Dan Boneh and Ben Lynn and Hovav Shacham}, journal={Journal of Cryptology}, year={2004}, volume={17}, pages={297-319} }

Abstract
We introduce a short signature scheme based on the Computational
Diffie–Hellman assumption on certain elliptic and hyperelliptic
curves. For standard security parameters, the signature length is
about half that of a DSA signature with a similar level of security. Our
short signature scheme is designed for systems where signatures are
typed in by a human or are sent over a low-bandwidth channel. We
survey a number of properties of our signature scheme such as
signature aggregation and…

## 390 Citations

Short Signatures from the Weil Pairing

- Computer Science, Mathematics
- J. Cryptol.
- 2004

A short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyperelliptic curves is introduced, designed for systems where signatures are typed in by a human or signatures are sent over a low-bandwidth channel.

Cryptanalysis of Short Signature Scheme Without Random Oracles Assumption

- Computer Science, Mathematics
- 2009 International Conference on Computational Intelligence and Security
- 2009

It is argued that the signature scheme, which satisfies non-repudiation, is more secure than the well-accepted notion of security for signature schemes, namely existential unforgeability against adaptive chosen-message attacks.

An Efficient Identity-Based Short Signature Scheme from Bilinear Pairings

- Computer Science, Mathematics
- 2007

This paper presents an ID-based signature scheme that is proved to be secure in the random oracle model under the hardness assumption of the k-CAA problem, and that requires less computation and is significantly more efficient than all known IBS schemes.

New Extensions of Pairing-Based Signatures into Universal Designated Verifier Signatures

- Computer Science, Mathematics
- ICALP
- 2006

Two new efficient constructions for pairing-based short signatures based on Boneh-Boyen signatures are proposed, designed for devices with constrained computation capabilities since the signing and the designation procedure are pairing-free.

Two Identity-Based Aggregate Signature Schemes from Pairings

- Computer Science, Mathematics
- 2018

Two identity-based aggregate signature schemes from bilinear pairing operations are proposed which are secure against existential forgery under adaptively chosen message and identity attack in the random oracle model based on the assumption of intractability of the computational Diffie–Hellman problem (CDHP).

Short Unique Signatures from RSA with a Tight Security Reduction (in the Random Oracle Model)

- Computer Science, Mathematics
- Financial Cryptography
- 2018

A unique signature scheme is presented whose security proof incurred a security loss logarithmic in the number of hash oracle queries made by the adversary, bypassing an argument due to Bader, Jager, Li, and Schäge.

Efficient Self-certified Signatures with Batch Verification

- Computer Science, Mathematics
- Inscrypt
- 2011

This paper proposes an efficient and novel self-certified signature scheme, which requires only one modular multiplication in signing with pre-computation and is proven secure in the random oracle model.

Efficient Provable Secure ID-Based Directed Signature Scheme without Random Oracle

- Computer Science, Mathematics
- ISNN
- 2009

This paper gives the syntax and security notions of ID-based directed signatures without random oracles: unforgeability and invisibility. It shows that the proposed scheme is unforgeable under the computational Diffie-Hellman assumption, and invisible under the Decisional Bilinear Diffie-Hellman assumption.

A Novel ID-Based Verifiably Encrypted Signature without Random Oracle

- Computer Science, Mathematics
- 2008 International Conference on Computational Intelligence and Security
- 2008

This work proposes an ID-based strong unforgeability verifiably encrypted signature scheme without random oracles, and shows that the security of the scheme is based on the difficulty of solving the computational Diffie-Hellman problem.

A New Efficient ID-Based Verifiably Encrypted Signature Scheme

- Computer Science, Mathematics
- 2012 International Conference on Communication Systems and Network Technologies
- 2012

Based on the Hess signature scheme, a new efficient ID-based verifiably encrypted signature scheme was proposed and was proved to be secure assuming the computational Diffie-Hellman problem is hard.

## References

SHOWING 1-10 OF 54 REFERENCES

Short Signatures from the Weil Pairing

- Computer Science, Mathematics
- J. Cryptol.
- 2004

A short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyperelliptic curves is introduced, designed for systems where signatures are typed in by a human or signatures are sent over a low-bandwidth channel.

A One Round Protocol for Tripartite Diffie–Hellman

- Mathematics, Computer Science
- Journal of Cryptology
- 2004

A three-participant variation of the Diffie-Hellman protocol is proposed, based on the Weil and Tate pairings on elliptic curves, which were first used in cryptography as cryptanalytic tools for reducing the discrete logarithm problem on some elliptic curves to the discrete logarithm problem in a finite field.

On the Exact Security of Full Domain Hash

- Computer Science, Mathematics
- CRYPTO
- 2000

A slightly different proof is exhibited which provides a tighter security reduction of the Full Domain Hash scheme, which improves the efficiency of the scheme since smaller RSA moduli can be used for the same level of security.

Identity-Based Encryption from the Weil Pairing

- Computer Science, Mathematics
- CRYPTO
- 2001

This work proposes a fully functional identity-based encryption scheme (IBE) based on the Weil pairing that has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem.

The Exact Security of Digital Signatures - How to Sign with RSA and Rabin

- Computer Science, Mathematics
- EUROCRYPT
- 1996

An RSA-based signing scheme which combines essentially optimal efficiency with attractive security properties, and a second scheme which maintains all of the above features and in addition provides message recovery, are provided.

Fast Batch Verification for Modular Exponentiation and Digital Signatures

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 1998

This work would like to do verification of a basic operation like modular exponentiation in some group by re-computing g^x and checking that g^x = y, and faster.

A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks

- Computer Science, Mathematics
- SIAM J. Comput.
- 1988

A digital signature scheme based on the computational difficulty of integer factorization possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice cannot later forge the signature of even a single additional message.

An Elliptic Curve Implementation of the Finite Field Digital Signature Algorithm

- Mathematics, Computer Science
- CRYPTO
- 1998

A supersingular implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) is constructed that is essentially equivalent to a finite field implemented version of the DSA, and the efficiency of the two systems is compared.

Aggregate and Verifiably Encrypted Signatures from Bilinear Maps

- Computer Science, Mathematics
- EUROCRYPT
- 2003

This paper constructs an efficient aggregate signature from a recent short signature scheme based on bilinear maps due to Boneh, Lynn, and Shacham, and shows that aggregate signatures give rise to verifiably encrypted signatures.

Self-Blindable Credential Certificates from the Weil Pairing

- Computer Science, Mathematics
- ASIACRYPT
- 2001

Two simple, efficient and effective credential pseudonymous certificate systems are described, which also support anonymity without the need for a trusted third party and are based on a new paradigm, called self-blindable certificates.