
On the Impossibility of Proving Security of Strong-RSA Signatures via the RSA Assumption

Conference paper. Information Security and Privacy (ACISP 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8544)

Included in the following conference series: ACISP: Australasian Conference on Information Security and Privacy

Abstract

We ask whether the standard RSA assumption suffices to prove the security of strong-RSA-based (SRSA-based, for short) signatures. In this paper we give negative circumstantial evidence for this question: several SRSA-based signature schemes cannot be proven sEUF-CMA secure (strongly existentially unforgeable under adaptive chosen-message attack), or even EUF-KOA secure (existentially unforgeable under key-only attack), under the RSA assumption as long as only modulus-preserving algebraic reductions are considered, i.e. reductions that forward the RSA modulus N of their own challenge to the forger and manipulate group elements only through group operations on the elements they have received. Our result is obtained as an application of the adaptive pseudo-free group notion introduced by Catalano, Fiore and Warinschi, which can be regarded as an abstract framework for this class of signatures. In fact we show that the adaptive pseudo-freeness of the RSA group \(\mathbb{Z}_N^\times\) cannot be proven from the RSA assumption via such reductions.
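To make concrete what an SRSA-based signature looks like and why its natural security argument lands on the strong (flexible-exponent) RSA assumption rather than the standard one, here is a toy Gennaro-Halevi-Rabin-style hash-and-sign scheme in Python. This is an added example, not code from the paper or its authors. The modulus parameters, the base g = 3, the hash-to-prime function that stands in for GHR's division-intractable hash, and every function name are constructed for this illustration.

```python
"""Toy GHR-style strong-RSA signature (added example, not from the paper).

Public key: (N, g).  Signature on m: sigma = g^(1/e(m)) mod N, where e(m) is
an odd prime derived from m.  Verification: sigma^e(m) == g mod N.

A forgery (m*, sigma*) is therefore a pair (x, e) = (sigma*, e(m*)) with
x^e = g mod N and e > 1, i.e. a solution to the flexible (strong) RSA problem
on (N, g), where the exponent is picked by the forger through m*.  The plain
RSA problem fixes e in advance, which is the gap between the two assumptions.
"""
import hashlib
from math import gcd

# Constructed toy parameters; real deployments use 2048-bit or larger moduli.
P = 1_000_000_007
Q = 998_244_353
N = P * Q
PHI = (P - 1) * (Q - 1)   # trapdoor, known only to the signer
G = 3                     # public base; any unit of Z_N^* works


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with the first 12 prime bases (deterministic below 3.3e24)."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def exponent_for(message: bytes, bits: int = 48) -> int:
    """Hash-to-prime e(m): deterministic odd prime in [2^(bits-1), 2^bits + small).

    Assumption: this replaces GHR's division-intractable hash.  Distinct messages
    must map to distinct primes so no e(m) divides a product of other e(m_i).
    """
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") >> (256 - bits)
    e = h | (1 << (bits - 1)) | 1  # force the top bit and oddness
    while not is_probable_prime(e):
        e += 2
    return e


def is_srsa_solution(x: int, e: int) -> bool:
    """Flexible RSA relation on the public instance (N, g): x^e = g mod N, e > 1.

    The e > 1 requirement is essential: without it the trivial pair (g, 1)
    would count as a root, and a verifier that skipped the check would accept
    sigma = g for any message whose exponent function could yield 1.
    """
    return e > 1 and 0 < x < N and gcd(x, N) == 1 and pow(x, e, N) == G


def sign(message: bytes) -> int:
    """Signer computes the e(m)-th root of g using the factorisation of N."""
    e = exponent_for(message)
    if gcd(e, PHI) != 1:
        raise ValueError("e(m) shares a factor with phi(N); pick other parameters")
    d = pow(e, -1, PHI)
    return pow(G, d, N)


def verify(message: bytes, sigma: int) -> bool:
    return is_srsa_solution(sigma, exponent_for(message))


def forgery_to_srsa_solution(message: bytes, sigma: int):
    """Standard reduction step: a valid (message, signature) pair that the signer
    never produced is, as is, a strong-RSA solution (x, e) for (N, g)."""
    e = exponent_for(message)
    return (sigma, e) if is_srsa_solution(sigma, e) else None
```

The point to take from the code is in `forgery_to_srsa_solution`: the exponent handed to the strong-RSA challenger is whatever e(m*) the forger's message selects, so the reduction never controls it. A reduction to the standard RSA problem would have to commit to a single exponent before seeing the forgery, and the abstract's negative result concerns exactly that kind of reduction when it is modulus-preserving and algebraic.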


References

  1. Abe, M., Groth, J., Ohkubo, M.: Separating Short Structure-Preserving Signatures from Non-Interactive Assumptions. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 628–646. Springer, Heidelberg (2011)

  2. Abe, M., Haralambiev, K., Ohkubo, M.: Group to Group Commitments Do Not Shrink. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 301–317. Springer, Heidelberg (2012)

  3. Aggarwal, D., Maurer, U., Shparlinski, I.: The Equivalence of Strong RSA and Factoring in the Generic Ring Model of Computation. In: Augot, D., Canteaut, A. (eds.) WCC 2011, pp. 17–26 (2011)

  4. Agrawal, M., Kayal, N., Saxena, N.: PRIMES Is in P. Annals of Mathematics 160(2), 781–793 (2004)

  5. Barić, N., Pfitzmann, B.: Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 480–494. Springer, Heidelberg (1997)

  6. Bellare, M., Rogaway, P.: Random Oracles Are Practical: A Paradigm for Designing Efficient Protocols. In: ACM CCS 1993, Fairfax, Virginia, USA, pp. 62–73. ACM Press, New York (1993)

  7. Boneh, D., Venkatesan, R.: Breaking RSA May Not Be Equivalent to Factoring. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 59–71. Springer, Heidelberg (1998)

  8. Bresson, E., Monnerat, J., Vergnaud, D.: Separation Results on the "One-More" Computational Problems. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 71–87. Springer, Heidelberg (2008)

  9. Camenisch, J., Lysyanskaya, A.: A Signature Scheme with Efficient Protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)

  10. Catalano, D., Fiore, D., Warinschi, B.: Adaptive Pseudo-Free Groups and Applications. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 207–223. Springer, Heidelberg (2011)

  11. Chevallier-Mames, B., Joye, M.: A Practical and Tightly Secure Signature Scheme Without Hash Function. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 339–356. Springer, Heidelberg (2006)

  12. Cramer, R., Shoup, V.: Signature Schemes Based on the Strong RSA Assumption. In: ACM CCS 1999, Kent Ridge Digital Labs, Singapore, pp. 46–51. ACM Press, New York (1999)

  13. Fischlin, M.: The Cramer-Shoup Strong-RSA Signature Scheme Revisited. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 116–129. Springer, Heidelberg (2002)

  14. Fukumitsu, M., Hasegawa, S., Isobe, S., Koizumi, E., Shizuya, H.: Toward Separating the Strong Adaptive Pseudo-Freeness from the Strong RSA Assumption. In: Boyd, C., Simpson, L. (eds.) ACISP 2013. LNCS, vol. 7959, pp. 72–87. Springer, Heidelberg (2013)

  15. Fukumitsu, M., Hasegawa, S., Isobe, S., Shizuya, H.: The RSA Group Is Adaptive Pseudo-Free under the RSA Assumption. IEICE Trans. Fundamentals, Special Section on Cryptography and Information Security E97-A(1), 200–214 (2014)

  16. Fujisaki, E., Okamoto, T.: Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 16–30. Springer, Heidelberg (1997)

  17. Garg, S., Bhaskar, R., Lokam, S.V.: Improved Bounds on Security Reductions for Discrete Log Based Signatures. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 93–107. Springer, Heidelberg (2008)

  18. Gennaro, R., Halevi, S., Rabin, T.: Secure Hash-and-Sign Signatures Without the Random Oracle. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 123–139. Springer, Heidelberg (1999)

  19. Goldwasser, S., Micali, S., Rivest, R.L.: A Digital Signature Scheme Secure against Adaptive Chosen-Message Attacks. SIAM Journal on Computing 17(2), 281–308 (1988)

  20. Hanaoka, G., Matsuda, T., Schuldt, J.C.N.: On the Impossibility of Constructing Efficient Key Encapsulation and Programmable Hash Functions in Prime Order Groups. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 812–831. Springer, Heidelberg (2012)

  21. Hasegawa, S., Isobe, S., Shizuya, H., Tashiro, K.: On the Pseudo-Freeness and the CDH Assumption. International Journal of Information Security 8(5), 347–355 (2009)

  22. Hofheinz, D., Kiltz, E.: Programmable Hash Functions and Their Applications. J. Cryptology 25(3), 484–527 (2012)

  23. Hohenberger, S., Waters, B.: Short and Stateless Signatures from the RSA Assumption. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 654–670. Springer, Heidelberg (2009)

  24. Jhanwar, M.P., Barua, R.: Sampling from Signed Quadratic Residues: RSA Group Is Pseudofree. In: Roy, B., Sendrier, N. (eds.) INDOCRYPT 2009. LNCS, vol. 5922, pp. 233–247. Springer, Heidelberg (2009)

  25. Joye, M.: How (Not) to Design Strong-RSA Signatures. Designs, Codes and Cryptography 59(1-3), 169–182 (2011)

  26. Micciancio, D.: The RSA Group is Pseudo-Free. J. Cryptology 23(2), 169–186 (2010)

  27. Naccache, D., Pointcheval, D., Stern, J.: Twin Signatures: An Alternative to the Hash-and-Sign Paradigm. In: ACM CCS 2001, Philadelphia, PA, USA, pp. 20–27. ACM Press, New York (2001)

  28. Paillier, P., Vergnaud, D.: Discrete-Log-Based Signatures May Not Be Equivalent to Discrete Log. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 1–20. Springer, Heidelberg (2005)

  29. Paillier, P., Villar, J.L.: Trading One-Wayness Against Chosen-Ciphertext Security in Factoring-Based Encryption. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 252–266. Springer, Heidelberg (2006)

  30. Paillier, P.: Impossibility Proofs for RSA Signatures in the Standard Model. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 31–48. Springer, Heidelberg (2006)

  31. Rivest, R.L.: On the Notion of Pseudo-Free Groups. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 505–521. Springer, Heidelberg (2004)

  32. Schäge, S.: Twin Signature Schemes, Revisited. In: Pieprzyk, J., Zhang, F. (eds.) ProvSec 2009. LNCS, vol. 5848, pp. 104–117. Springer, Heidelberg (2009)

  33. Schäge, S.: Tight Proofs for Signature Schemes without Random Oracles. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 189–206. Springer, Heidelberg (2011)

  34. Seurin, Y.: On the Exact Security of Schnorr-Type Signatures in the Random Oracle Model. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 554–571. Springer, Heidelberg (2012)

  35. Shamir, A.: On the Generation of Cryptographically Strong Pseudorandom Sequences. ACM Trans. on Computer Systems 1(1), 38–44 (1983)

  36. Villar, J.L.: Optimal Reductions of Some Decisional Problems to the Rank Problem. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 80–97. Springer, Heidelberg (2012)

  37. Zhu, H.: New Digital Signature Scheme Attaining Immunity to Adaptive Chosen-Message Attack. Chinese Journal of Electronics 10(4), 484–486 (2001)

  38. Zhu, H.: A Formal Proof of Zhu's Signature Scheme. Cryptology ePrint Archive, Report 2003/155 (2003), http://eprint.iacr.org/



Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Fukumitsu, M., Hasegawa, S., Isobe, S., Shizuya, H. (2014). On the Impossibility of Proving Security of Strong-RSA Signatures via the RSA Assumption. In: Susilo, W., Mu, Y. (eds) Information Security and Privacy. ACISP 2014. Lecture Notes in Computer Science, vol 8544. Springer, Cham. https://doi.org/10.1007/978-3-319-08344-5_19


  • DOI: https://doi.org/10.1007/978-3-319-08344-5_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-08343-8

  • Online ISBN: 978-3-319-08344-5

  • eBook Packages: Computer Science; Computer Science (R0)
