General Conversion for Obtaining Strongly Existentially Unforgeable Signatures

  • Isamu Teranishi
  • Takuro Oyama
  • Wakaha Ogata
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4329)


We say that a signature scheme is strongly existentially unforgeable if no adversary, given message/signature pairs adaptively, can generate a new signature on either a signature on a new message or a new signature on a previously signed message. Strongly existentially unforgeable signature schemes are used to construct many applications, such as an IND-CCA2 secure public-key encryption scheme and a group signature scheme.

We propose two general and efficient conversions, both of which transform a secure signature scheme to a strongly existentially unforgeable signature scheme. There is a tradeoff between the two conversions. The first conversion requires the random oracle, but the signature scheme transformed by the first conversion has shorter signature length than the scheme transformed by the second conversion. The second conversion does not require the random oracle. Therefore, if the original signature scheme is of the standard model, the strongly existentially unforgeable property of the converted signature scheme is proved also in the standard model.

Both conversions ensure tight security reduction to the underlying security assumptions. Moreover, the transformed schemes by the first or second conversion satisfy the on-line/off-line property. That is, signers can precompute almost all operations on the signing before they are given a message.


signature scheme strong unforgeability standard model 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [ADR02]
    An, J.H., Dodis, Y., Rabin, T.: On the Security of Joint Signature and Encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 83–107. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. [BR93]
    Bellare, M., Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: ACM-CCS 1993, pp. 62–73 (1993)Google Scholar
  3. [BSS99]
    Blake, I.F., Seroussi, G., Smart, N.P.: Elliptic Curve in Cryptography. Cambridge University Press, Cambridge (1999)Google Scholar
  4. [BBS04]
    Boneh, D., Boyen, X., Shacham, H.: Short Group Signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)Google Scholar
  5. [BSW06]
    Boneh, D., Shen, E., Waters, B.: Strongly Unforgeable Signatures Based on Computational Diffie-Hellman. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T.G. (eds.) PKC 2006. LNCS, vol. 3958, pp. 229–240. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. [CHK04]
    Canetti, R., Halevi, S., Katz, J.: Chosen-Ciphertext Security from Identity-Based Encryption. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 229–235. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  7. [CG04]
    Camenisch, J., Groth, J.: Group Signatures: Better Efficiency and New Theoretical Aspects. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 120–133. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. [CLS06]
    Contini, S., Lenstra, A.K., Steinfeld, R.: VSH, an Efficient and Provable Collision-Resistant Hash Function. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 165–182. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. [DDN00]
    Dolev, D., Dwork, C., Naor, M.: Non-malleable Cryptography. SIAM J. of Computing 30(2), 391–437 (2000)zbMATHCrossRefMathSciNetGoogle Scholar
  10. [GMR88]
    Goldwasser, S., Micali, S., Rivest, R.L.: A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks. SIAM J. Comput. 17(2), 281–308 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  11. [KR97]
    Krawczyk, H., Rabin, T.: Chameleon Hashing and Signatures (1997),
  12. [KR00]
    Krawczyk, H., Rabin, T.: Chameleon Signatures. In: NDSS 2000, pp. 143–154 (2000)Google Scholar
  13. [MOV96]
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)CrossRefGoogle Scholar
  14. [ST01]
    Shamir, A., Tauman, Y.: Improved Online/Offline Signature Schemes. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 355–367. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. [S97]
    Shoup, V.: Lower Bound for Discrete Logarithms and Related Problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997)Google Scholar
  16. [S97]
    Steinfeld, R., Pieprzyk, J., Wang, H.: How to Strengthen any Weakly Unforgeable Signature into a Strongly Unforgeable Signature. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 357–371. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  17. [W05]
    Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Isamu Teranishi
    • 1
    • 2
  • Takuro Oyama
    • 2
  • Wakaha Ogata
    • 2
  1. 1.NEC CorporationKanagawaJapan
  2. 2.Tokyo Institute of TechnologyTokyoJapan

Personalised recommendations