Improving efficiency and security of Camenisch–Lysyanskaya signatures for anonymous credential systems

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces Pub Date : 2024-07-08 DOI:10.1016/j.csi.2024.103886

{"title":"Improving efficiency and security of Camenisch–Lysyanskaya signatures for anonymous credential systems","authors":"","doi":"10.1016/j.csi.2024.103886","DOIUrl":null,"url":null,"abstract":"<div><p>Camenisch–Lysyanskaya signature scheme with randomizability, namely CL signatures, at CRYPTO’04 has been well adopted for many privacy-preserving constructions, especially in the context of anonymous credential systems. Unfortunately, CL signatures suffer from linear size drawbacks. The signature size grows linearly based on the signing messages, which decreases the interest in practice, as each user may have multiple attributes (messages). Its standard EUF-CMA security was first proven under an interactive assumption. While the interactive assumption is not desirable in cryptography, Fuchsbauer et al. revisited its security at CRYPTO’18 by proving the scheme under the discrete logarithm (Dlog) assumption in the algebraic group model (AGM) that idealizes the adversary’s computation to be algebraic, yet the reduction loss is non-tight. In this work, we propose a new variant of CL signatures, namely CL+ signatures, that improves efficiency and security. The proposed CL+ signatures possess randomizability without the linear size drawback, such that signature size is a constant of three group elements. Besides, we prove the security of CL+ signatures can be tightly reduced to the DLog problem in AGM with only a loss factor of 3. Lastly, we show how CL+ signatures can also be instantiated to anonymous credential systems.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":4.1000,"publicationDate":"2024-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0920548924000552/pdfft?md5=1c1214ab7bbdb123b5edc48b58eb293e&pid=1-s2.0-S0920548924000552-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Standards & Interfaces","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0920548924000552","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Camenisch–Lysyanskaya signature scheme with randomizability, namely CL signatures, at CRYPTO’04 has been well adopted for many privacy-preserving constructions, especially in the context of anonymous credential systems. Unfortunately, CL signatures suffer from linear size drawbacks. The signature size grows linearly based on the signing messages, which decreases the interest in practice, as each user may have multiple attributes (messages). Its standard EUF-CMA security was first proven under an interactive assumption. While the interactive assumption is not desirable in cryptography, Fuchsbauer et al. revisited its security at CRYPTO’18 by proving the scheme under the discrete logarithm (Dlog) assumption in the algebraic group model (AGM) that idealizes the adversary’s computation to be algebraic, yet the reduction loss is non-tight. In this work, we propose a new variant of CL signatures, namely CL+ signatures, that improves efficiency and security. The proposed CL+ signatures possess randomizability without the linear size drawback, such that signature size is a constant of three group elements. Besides, we prove the security of CL+ signatures can be tightly reduced to the DLog problem in AGM with only a loss factor of 3. Lastly, we show how CL+ signatures can also be instantiated to anonymous credential systems.

查看原文本刊更多论文

提高匿名凭证系统的卡梅尼施-利辛斯卡亚签名的效率和安全性

在 CRYPTO'04 会议上，具有随机性的 Camenisch-Lysyanskaya 签名方案（即 CL 签名）在许多隐私保护结构中得到了广泛采用，特别是在匿名凭证系统中。遗憾的是，CL 签名存在线性大小的缺陷。由于每个用户可能有多个属性（信息），签名大小会根据签名信息线性增长，这在实践中降低了人们的兴趣。其标准的 EUF-CMA 安全性首先是在交互式假设下证明的。虽然交互式假设在密码学中并不可取，但 Fuchsbauer 等人在 CRYPTO'18 大会上重新审视了它的安全性，在代数群模型（AGM）的离散对数（Dlog）假设下证明了该方案，该模型将对手的计算理想化为代数计算，但减少损失并不严格。在这项工作中，我们提出了一种新的 CL 签名变体，即 CL+ 签名，它提高了效率和安全性。所提出的 CL+ 签名具有随机性，但没有线性大小的缺点，因此签名大小是三个组元素的常数。此外，我们还证明了 CL+ 签名的安全性可以严格简化为 AGM 中的 DLog 问题，损失因子仅为 3。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Standards & Interfaces 工程技术-计算机：软件工程

CiteScore

11.90

自引率

16.00%

发文量

审稿时长

6 months

期刊介绍： The quality of software, well-defined interfaces (hardware and software), the process of digitalisation, and accepted standards in these fields are essential for building and exploiting complex computing, communication, multimedia and measuring systems. Standards can simplify the design and construction of individual hardware and software components and help to ensure satisfactory interworking. Computer Standards & Interfaces is an international journal dealing specifically with these topics. The journal • Provides information about activities and progress on the definition of computer standards, software quality, interfaces and methods, at national, European and international levels • Publishes critical comments on standards and standards activities • Disseminates user''s experiences and case studies in the application and exploitation of established or emerging standards, interfaces and methods • Offers a forum for discussion on actual projects, standards, interfaces and methods by recognised experts • Stimulates relevant research by providing a specialised refereed medium.