
Verifiably encrypted signatures with short keys based on the decisional linear problem and obfuscation for encrypted VES

Published in Designs, Codes and Cryptography

Abstract

Verifiably encrypted signatures (VES) are signatures encrypted under the public key of a trusted third party; their validity can be verified without decryption. VES have useful applications such as online contract signing and optimistic fair exchange. We propose a VES scheme that is secure under the decisional linear (DLIN) assumption in the standard model. We also propose new obfuscators for encrypted signatures (ES) and encrypted VES (EVES) that are secure under the DLIN assumption. All previous VES schemes in the standard model are either secure under standard assumptions (such as the computational Diffie–Hellman assumption) but with large verification (or secret) keys, or secure under non-standard dynamic \(q\)-type assumptions (such as the \(q\)-strong Diffie–Hellman extraction assumption) with short verification keys. Our scheme is the first VES scheme with short verification (and secret) keys that is secure under the DLIN assumption, a standard assumption. We construct new obfuscators for ES/EVES as byproducts of our new VES scheme; they are more efficient than previous obfuscators with respect to public key size. Previous obfuscators for EVES are secure under a non-standard assumption and use zero-knowledge (ZK) proof systems with the Fiat–Shamir heuristic to obtain non-interactive ZK, i.e., their security is considered in the random oracle model. Thus, our scheme also has an advantage with respect to assumptions and the security model. Our new obfuscator for ES is obtained from our new obfuscator for EVES.



Acknowledgments

The authors would like to thank Mehdi Tibouchi for his useful comments on encodings between \(\mathbb {Z}_p\) and \(\mathbb {G}\). The authors would like to thank the anonymous reviewers of PKC 2012, 2013, and Designs, Codes and Cryptography for their useful comments and suggestions.

Corresponding author: Ryo Nishimaki.

Additional information

Communicated by C. Padro.

An extended abstract of this paper appeared in Public-Key Cryptography—PKC 2013—16th International Conference on Practice and Theory in Public-Key Cryptography, LNCS 7778, pp 405–422. This is the full version.


Cite this article

Nishimaki, R., Xagawa, K. Verifiably encrypted signatures with short keys based on the decisional linear problem and obfuscation for encrypted VES. Des. Codes Cryptogr. 77, 61–98 (2015). https://doi.org/10.1007/s10623-014-9986-9
