Abstract
We show a signature scheme whose security is tightly related to the Computational Diffie-Hellman (CDH) assumption in the Random Oracle Model. Existing discrete-log based signature schemes, such as ElGamal, DSS, and Schnorr signatures, either require non-standard assumptions, or their security is only loosely related to the discrete logarithm (DL) assumption using Pointcheval and Stern’s “forking” lemma. Since the hardness of the CDH problem is widely believed to be closely related to the hardness of the DL problem, the signature scheme presented here offers better security guarantees than existing discrete-log based signature schemes. Furthermore, the new scheme has comparable efficiency to existing schemes.
The signature scheme was previously proposed in the cryptographic literature on at least two occasions. However, no security analysis was done, probably because the scheme was viewed as a slight modification of Schnorr signatures. In particular, the scheme’s tight security reduction to CDH has remained unnoticed until now. Interestingly, this discrete-log based signature scheme is similar to the trapdoor permutation based PSS signatures proposed by Bellare and Rogaway, and has a tight reduction for a similar reason.
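As an added illustration, not code from the page or from the authors: a toy Python implementation of the discrete-log signature scheme the abstract refers to. The abstract on this page does not spell out the construction; that the scheme is the one sketched in the comments below (a randomly salted hash h = H(m, r) mapped into the group, z = h^x, and a Chaum-Pedersen style proof that log_g(y) = log_h(z)) is taken from the full paper and is stated here as an assumption of the example. The 64-bit Schnorr group, the hash-to-group and challenge encodings, and all function names are toy choices for the demo and far too small for real use.

```python
"""Toy EDL-style signature demo (added example; constructed, not the paper's code).

Assumed construction (as in the full Goh-Jarecki paper, not shown on this page):
  keygen:  x <- Z_q,  y = g^x
  sign:    r <- random salt, h = H(m, r) in G, z = h^x,
           k <- Z_q, u = g^k, v = h^k,
           c = H'(g, h, y, z, u, v), s = k + c*x mod q,  signature = (z, r, s, c)
  verify:  h = H(m, r), u' = g^s * y^(-c), v' = h^s * z^(-c),
           accept iff c == H'(g, h, y, z, u', v')
(u, v, c, s) is a proof that log_g(y) == log_h(z), so a valid signature
on a fresh message exhibits z = h^x, i.e. a CDH solution for (g, y, h).
"""
import hashlib
import random
import secrets


def is_probable_prime(n, rounds=32, rng=random.Random(2003)):
    """Miller-Rabin with a fixed seed so parameter generation is reproducible."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_group(bits=64, seed=2003):
    """Toy Schnorr group: safe prime p = 2q + 1 and g = 4, a generator of the
    order-q subgroup (the quadratic residues). Deterministic for the demo."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4


def hash_to_group(params, m, r):
    """H(m, r): hash the salted message, then square so the result lands in the
    order-q subgroup. The counter only guards against the 0/1 edge case."""
    p, q, g = params
    ctr = 0
    while True:
        e = int.from_bytes(hashlib.sha256(b"EDL-H|" + r + b"|" + m + bytes([ctr])).digest(), "big") % p
        h = pow(e, 2, p)
        if h > 1:
            return h
        ctr += 1


def challenge(params, h, y, z, u, v):
    """H'(g, h, y, z, u, v) as a fixed-width encoding hashed into Z_q."""
    p, q, g = params
    n = (p.bit_length() + 7) // 8
    data = b"EDL-Hprime|" + b"".join(t.to_bytes(n, "big") for t in (g, h, y, z, u, v))
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q


def keygen(params):
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def sign(params, x, m):
    p, q, g = params
    y = pow(g, x, p)
    r = secrets.token_bytes(16)            # fresh salt, included in the signature
    h = hash_to_group(params, m, r)
    z = pow(h, x, p)                       # the CDH value the reduction extracts
    k = secrets.randbelow(q - 1) + 1
    u, v = pow(g, k, p), pow(h, k, p)
    c = challenge(params, h, y, z, u, v)
    s = (k + c * x) % q
    return z, r, s, c


def verify(params, y, m, sig):
    p, q, g = params
    z, r, s, c = sig
    # Reject z outside the order-q subgroup and out-of-range scalars before hashing.
    if not (1 < z < p and pow(z, q, p) == 1) or not (0 <= s < q and 0 <= c < q):
        return False
    h = hash_to_group(params, m, r)
    u = pow(g, s, p) * pow(y, q - c, p) % p   # g^s * y^(-c): y has order q, so y^(-c) = y^(q-c)
    v = pow(h, s, p) * pow(z, q - c, p) % p   # h^s * z^(-c)
    return c == challenge(params, h, y, z, u, v)


if __name__ == "__main__":
    params = gen_group()
    x, y = keygen(params)
    sig = sign(params, x, b"example message")
    print("valid:", verify(params, y, b"example message", sig))
    print("altered message rejected:", not verify(params, y, b"example massage", sig))
```

The subgroup check on z in verify matters: without it, a forger could submit z values outside the order-q subgroup and the equality-of-logs proof would no longer say anything about log_h(z), which is exactly the quantity the CDH reduction relies on.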
References
Ernest Brickell, Daniel Gordon, Kevin McCurley, and David Wilson. Fast exponentiation with precomputation. In R.A. Rueppel, editor, Proceedings of Eurocrypt 1992, volume 658 of LNCS, pages 200–207. Springer-Verlag, May 1992.
Mihir Bellare, Juan Garay, and Tal Rabin. Fast batch verification for modular exponentiation and digital signatures. In K. Nyberg, editor, Proceedings of Eurocrypt 1998, volume 1403 of LNCS, pages 236–250. Springer-Verlag, May 1998.
Dan Boneh and Richard Lipton. Algorithms for black-box fields and their application to cryptography. In Neal Koblitz, editor, Proceedings of Crypto 1996, volume 1109 of LNCS, pages 283–297. Springer-Verlag, May 1996.
Dan Boneh, Ben Lynn, and Hovav Shacham. Short signatures from the Weil pairing. In C. Boyd, editor, Proceedings of Asiacrypt 2001, volume 2248 of LNCS, pages 514–532. Springer-Verlag, December 2001.
Ernest Brickell, David Pointcheval, Serge Vaudenay, and Moti Yung. Design validations for discrete logarithm based signature schemes. In Hideki Imai and Yuliang Zheng, editors, Proceedings of PKC 2000, volume 1751 of LNCS, pages 276–292. Springer-Verlag, January 2000.
Mihir Bellare and Phillip Rogaway. Random oracles are practical: a paradigm for designing efficient protocols. In Proceedings of the 1st ACM conference on Computer and Communications Security, pages 62–73. ACM Press, 1993.
Mihir Bellare and Phillip Rogaway. The exact security of digital signatures — How to sign with RSA and Rabin. In Ueli Maurer, editor, Proceedings of Eurocrypt 1996, volume 1070 of LNCS, pages 399–416. Springer-Verlag, May 1996.
David Chaum, Jan-Hendrik Evertse, and Jeroen van de Graaf. An improved protocol for demonstrating possession of discrete logarithms and some generalizations. In David Chaum and Wyn Price, editors, Proceedings of Eurocrypt 1987, volume 304 of LNCS, pages 127–142. Springer-Verlag, May 1987.
Ran Canetti, Oded Goldreich, and Shai Halevi. The random oracle methodology, revisited. In Proceedings of the 30th annual ACM symposium on Theory of Computing, pages 209–218. ACM Press, 1998.
David Chaum and Torben Pryds Pedersen. Wallet databases with observers. In Ernest Brickell, editor, Proceedings of Crypto 1992, volume 740 of LNCS, pages 89–105. Springer-Verlag, August 1992.
Jan Camenisch and Markus Stadler. Proof systems for general statements about discrete logarithms. Technical Report 260, Institute for Theoretical Computer Science, ETH Zurich, March 1997.
Ronald Cramer and Victor Shoup. Signature schemes based on the strong RSA assumption. ACM Transactions on Information and System Security, 3(3):161–185, 2000.
Whitfield Diffie and Martin Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644–654, November 1976.
Taher ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31(4):469–472, July 1985.
Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Andrew Odlyzko, editor, Proceedings of Crypto 1986, volume 263 of LNCS, pages 186–194. Springer-Verlag, August 1986.
Rosario Gennaro, Shai Halevi, and Tal Rabin. Secure hash-and-sign signatures without the random oracle. In Jacques Stern, editor, Proceedings of Eurocrypt 1999, volume 1592 of LNCS, pages 123–139. Springer-Verlag, May 1999.
Shafi Goldwasser, Silvio Micali, and Ronald Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2):281–308, 1988.
Markus Jakobsson and Claus-Peter Schnorr. Efficient oblivious proofs of correct exponentiation. In Bart Preneel, editor, Proceedings of the IFIP Conference on Communications and Multimedia Security 1999, volume 152, pages 71–86. Kluwer, September 1999.
Arjen Lenstra and Eric Verheul. Selecting cryptographic key sizes. Journal of Cryptology, 14(4):255–293, 2001.
Silvio Micali and Leonid Reyzin. Improving the exact security of digital signature schemes. Journal of Cryptology, 15(1):1–18, 2002.
Ueli Maurer and Stefan Wolf. The relationship between breaking the Diffie-Hellman protocol and computing discrete logarithms. SIAM Journal on Computing, 28(5):1689–1721, 1999.
NIST. Digital Signature Standard (DSS). Publication 196, Federal Information Processing Standards, November 1994.
Moni Naor and Moti Yung. Universal one-way hash functions and their cryptographic applications. In Proceedings of the 21st annual ACM symposium on Theory of Computing, pages 33–43. ACM Press, 1989.
Kazuo Ohta and Tatsuaki Okamoto. On concrete security treatment of signatures derived from identification. In Hugo Krawczyk, editor, Proceedings of Crypto 1998, volume 1462 of LNCS, pages 354–369. Springer-Verlag, August 1998.
Tatsuaki Okamoto and David Pointcheval. The Gap-Problems: A new class of problems for the security of cryptographic schemes. In Kwangjo Kim, editor, Proceedings of PKC 2001, volume 1992 of LNCS, pages 104–118. Springer-Verlag, February 2001.
David Pointcheval and Jacques Stern. Security proofs for signature schemes. In Ueli Maurer, editor, Proceedings of Eurocrypt 1996, volume 1070 of LNCS, pages 387–398. Springer-Verlag, May 1996.
John Rompel. One-way functions are necessary and sufficient for secure signatures. In Proceedings of the 22nd annual ACM symposium on Theory of Computing, pages 387–394. ACM Press, 1990.
Claus-Peter Schnorr. Efficient identification and signatures for smart cards. In G. Brassard, editor, Proceedings of Crypto 1989, volume 435 of LNCS, pages 239–252. Springer-Verlag, August 1989.
Victor Shoup and Rosario Gennaro. Securing threshold cryptosystems against chosen ciphertext attack. In Kaisa Nyberg, editor, Proceedings of Eurocrypt 1998, volume 1403 of LNCS, pages 1–16. Springer-Verlag, May 1998.
Victor Shoup. Lower bounds for discrete logarithms and related problems. In Walter Fumy, editor, Proceedings of Eurocrypt 1997, volume 1233 of LNCS, pages 256–266. Springer-Verlag, May 1997.
Adi Shamir and Yael Tauman. Improved online/offline signature schemes. In Joe Kilian, editor, Proceedings of Crypto 2001, volume 2139 of LNCS, pages 355–367. Springer-Verlag, August 2001.
© 2003 International Association for Cryptologic Research
Cite this paper
Goh, EJ., Jarecki, S. (2003). A Signature Scheme as Secure as the Diffie-Hellman Problem. In: Biham, E. (eds) Advances in Cryptology — EUROCRYPT 2003. EUROCRYPT 2003. Lecture Notes in Computer Science, vol 2656. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39200-9_25
DOI: https://doi.org/10.1007/3-540-39200-9_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-14039-9
Online ISBN: 978-3-540-39200-2