Skip to main content
SpringerLink
Log in

Black-Box Separations of Hash-and-Sign Signatures in the Non-Programmable Random Oracle Model

  • Conference paper
  • First Online:
Provable Security (ProvSec 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9451))

Included in the following conference series:

Abstract

A popular methodology of designing cryptosystems with practical efficiency is to give a security proof in the random oracle (RO) model. The work of Fischlin and Fleischhacker (Eurocrypt ’13) investigated the case of Schnorr signature (and generally, Fiat-Shamir signatures) and showed the reliance of RO model is inherent.

We generalize their results to a large class of “malleable” hash-and-sign signatures, where one can efficiently “maul”any two valid signatures between two signature instances with different public keys if it can get the difference between the secret keys. We follow the technique of Fischlin and Fleischhacker to show that the security of malleable hash-and-sign signature cannot be reduced to its related hard cryptographic problem without programming the RO. Our proof assumes the hardness of a one-more cryptographic problem (depending on the signature instantiation). Our result applies to single-instance black-box reductions, subsuming those reductions used in existing proofs.

Our framework not only encompasses Fiat-Shamir signatures as special cases, but also covers \(\Gamma \)-signature (Yao and Zhao, IEEE Transactions on Information Forensics and Security ’13), and other schemes which implicitly used malleable hash-and-sign signatures, including Boneh-Franklin identity-based encryption, and Sakai-Ohgishi-Kasahara non-interactive identity-based key exchange.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    In the generic group model [31], the underlying group is considered as a generic one, where an adversary only has access to random encodings of group elements, and the operation on group elements is done in a black-box way. The problem \((\mathrm {P}_1,\mathrm {P}_2)\) requires the existence of a \(\mathrm {P}_2\) solution oracle, which in essence contradicts the idea of the generic group since one can know the relation between two random encodings. Though it is possible to model this \(\mathrm {P}_2\) oracle in the generic group model, it is hard to argue that the encodings do not leak too much useful information to an adversary.

  2. 2.

    We remark that a previous version of this work actually predates [10].

  3. 3.

    We use an inner algorithm \(\mathsf {SInner}\) to clarify that the input of \(\mathsf {H}\) does not include the public key. For brevity, we allow \(\mathsf {H}\) to use whole r. In explicit constructions, \(\mathsf {H}\) might only use part of the randomness r. In this case, \(\mathsf {H}\) just neglects the rest part of r.

  4. 4.

    This implies that each public key is corresponding to only one secret key.

  5. 5.

    Recall that \(\mathsf{SS}\) is malleable, according to Definition 8, the homomorphism \(\psi (\cdot )\) is computable with a \(\mathrm {P}_2\) solving oracle. Moreover, a problem \(\mathrm {P}_1\) instance can also be correctly solved by using at most one query to a \(\mathrm {P}_2\) solving oracle (with the help of reduction \(\mathcal {T}\)).

References

  1. Ananth, P., Bhaskar, R.: Non observability in the random oracle model. In: Susilo, W., Reyhanitabar, R. (eds.) ProvSec 2013. LNCS, vol. 8209, pp. 86–103. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  2. Bellare, M., Namprempre, C., Pointcheval, D., Semanko, M.: The one-more-RSA-inversion problems and the security of Chaum’s blind signature scheme. J. Cryptol. 16(3), 185–215 (2003)

    Article  MathSciNet  MATH  Google Scholar 

  3. Bellare, M., Paterson, K.G., Thomson, S.: RKA security beyond the linear barrier: IBE, encryption and signatures. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 331–348. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  4. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Denning, D.E., Pyle, R., Ganesan, R., Sandhu, R.S., Ashby, V. (eds.) ACM CCS, pp. 62–73. ACM (1993)

    Google Scholar 

  5. Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995)

    Chapter  Google Scholar 

  6. Bhattacharyya, R., Mukherjee, P.: Non-adaptive programmability of random oracle. Theoret. Comput. Sci. 592, 97–114 (2015)

    Article  MathSciNet  Google Scholar 

  7. Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  8. Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  9. Boneh, D., Franklin, M.K.: Identity-based encryption from the Weil pairing. SIAM J. Comput. 32(3), 586–615 (2003)

    Article  MathSciNet  MATH  Google Scholar 

  10. Chen, Y., Huang, Q., Zhang, Z.: Sakai-ohgishi-kasahara identity-based non-interactive key exchange scheme, revisited. In: Susilo, W., Mu, Y. (eds.) ACISP 2014. LNCS, vol. 8544, pp. 274–289. Springer, Heidelberg (2014)

    Google Scholar 

  11. Coron, J.-S., Lepoint, T., Tibouchi, M.: Practical multilinear maps over the integers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 476–493. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  12. Cui, Y., Fujisaki, E., Hanaoka, G., Imai, H., Zhang, R.: Formal security treatments for IBE-to-signature transformation: relations among security notions. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 92(1), 53–66 (2009)

    Article  Google Scholar 

  13. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)

    Chapter  Google Scholar 

  14. Fischlin, M., Fleischhacker, N.: Limitations of the meta-reduction technique: the case of schnorr signatures. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 444–460. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  15. Fischlin, M., Lehmann, A., Ristenpart, T., Shrimpton, T., Stam, M., Tessaro, S.: Random oracles with(out) programmability. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 303–320. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  16. Fleischhacker, N., Jager, T., Schröder, D.: On tight security proofs for schnorr signatures. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 512–531. Springer, Heidelberg (2014)

    Google Scholar 

  17. Freire, E.S.V., Hofheinz, D., Paterson, K.G., Striecks, C.: Programmable hash functions in the multilinear setting. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 513–530. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  18. Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  19. Fukumitsu, M., Hasegawa, S.: Black-box separations on fiat-shamir-type signatures in the non-programmable random oracle model. In: López, J., Mitchell, C.J. (eds.) ISC 2015. LNCS, vol. 9290, pp. 3–20. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

  20. Galindo, D.: Boneh-franklin identity based encryption revisited. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 791–802. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  21. Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  22. Goh, E.J., Jarecki, S., Katz, J., Wang, N.: Efficient signature schemes with tight reductions to the Diffie-Hellman problems. J. Cryptol. 20(4), 493–514 (2007)

    Article  MathSciNet  MATH  Google Scholar 

  23. Goldwasser, S., Kalai, Y.T.: On the (in)security of the Fiat-Shamir paradigm. In: FOCS, pp. 102–113. IEEE Computer Society (2003)

    Google Scholar 

  24. Nielsen, J.B.: Separating random oracle proofs from complexity theoretic proofs: the non-committing encryption case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 111–126. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  25. Nishioka, M.: Reconsideration on the security of the boneh-franklin identity-based encryption scheme. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds.) INDOCRYPT 2005. LNCS, vol. 3797, pp. 270–282. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  26. Paterson, K.G., Srinivasan, S.: On the relations between non-interactive key distribution, identity-based encryption and trapdoor discrete log groups. Des. Codes Crypt. 52(2), 219–241 (2009)

    Article  MathSciNet  MATH  Google Scholar 

  27. Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361–396 (2000)

    Article  MATH  Google Scholar 

  28. Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairing. In: The 2000 Symposium on Cryptography and Information Security, vol. 45, pp. 26–28, Japan (2000)

    Google Scholar 

  29. Schnorr, C.-P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, Heidelberg (1990)

    Google Scholar 

  30. Seurin, Y.: On the exact security of schnorr-type signatures in the random oracle model. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 554–571. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  31. Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997)

    Chapter  Google Scholar 

  32. Shoup, V.: A proposal for an ISO standard for public key encryption. In: Cryptology ePrint Archive, Report 2001/112 (2001). http://eprint.iacr.org/

  33. Wee, H.: Zero knowledge in the random oracle model, revisited. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 417–434. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  34. Yao, A.C.C., Zhao, Y.: Online/offline signatures for low-power devices. IEEE Trans. Inf. Forensics Secur. 8(2), 283–294 (2013)

    Article  Google Scholar 

  35. Zhang, J., Zhang, Z., Chen, Y., Guo, Y., Zhang, Z.: Black-box separations for one-more (Static) CDH and its generalization. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part II. LNCS, vol. 8874, pp. 366–385. Springer, Heidelberg (2014)

    Google Scholar 

  36. Zhang, R., Imai, H.: Improvements on security proofs of some identity based encryption schemes. In: Feng, D., Lin, D., Yung, M. (eds.) CISC 2005. LNCS, vol. 3822, pp. 28–41. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

Download references

Acknowledgments

Zongyang Zhang is an International Research Fellow of JSPS and is supported by NSFC under grant No. 61303201. Yu Chen is supported by NSFC under Grant Nos. 61303257, 61379141, the IIE’s Cryptography Research Project, the Strategic Priority Research Program of CAS under Grant No. XDA06010701. Sherman S. M. Chow is supported by the Early Career Award and grants (CUHK 439713, 14201914) from the Research Grants Council, Hong Kong. Zhenfu Cao is supported by NSFC under Nos. 61411146001, 61321064, 61371083. Yunlei Zhao is supported by NSFC under Grant Nos.61272012, 61472084.

Author information

Authors and Affiliations

  1. National Institute of Advanced Industrial Science and Technology (AIST), Tsukuba, Japan

    Zongyang Zhang & Goichiro Hanaoka

  2. State Key Laboratory of Information Security (SKLOIS), Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Yu Chen

  3. Department of Information Engineering, Chinese University of Hong Kong, Shatin, Hong Kong

    Yu Chen & Sherman S. M. Chow

  4. East China Normal University, Shanghai, China

    Zhenfu Cao

  5. Software School, Fudan University, Shanghai, China

    Yunlei Zhao

Authors
  1. Zongyang Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yu Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sherman S. M. Chow
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Goichiro Hanaoka
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Zhenfu Cao
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Yunlei Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yu Chen .

Editor information

Editors and Affiliations

  1. The Hong Kong Polytechnic University, Hong Kong, China

    Man-Ho Au

  2. Japan Advanced Inst. of Science and Tech, Ishikawa, Japan

    Atsuko Miyaji

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Zhang, Z., Chen, Y., Chow, S.S.M., Hanaoka, G., Cao, Z., Zhao, Y. (2015). Black-Box Separations of Hash-and-Sign Signatures in the Non-Programmable Random Oracle Model. In: Au, MH., Miyaji, A. (eds) Provable Security. ProvSec 2015. Lecture Notes in Computer Science(), vol 9451. Springer, Cham. https://doi.org/10.1007/978-3-319-26059-4_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-26059-4_24

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26058-7

  • Online ISBN: 978-3-319-26059-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation