Paper 2024/183

On Security Proofs of Existing Equivalence Class Signature Schemes

Balthazar Bauer, UVSQ
Georg Fuchsbauer, TU Wien
Fabian Regen, TU Wien
Abstract

Equivalence class signatures (EQS; Asiacrypt '14) sign vectors of elements from a bilinear group. Anyone can transform a signature on a vector to a signature on any multiple of that vector; signatures thus authenticate equivalence classes. A transformed signature/message pair is indistinguishable from a random signature on a random message. EQS have been used to efficiently instantiate (delegatable) anonymous credentials, (round-optimal) blind signatures, ring and group signatures, anonymous tokens and contact-tracing schemes, to name a few. The original EQS construction (J. Crypto '19) is proven secure in the generic group model, and the first scheme from standard assumptions (PKC '18) satisfies a weaker model insufficient for most applications. Two works (Asiacrypt '19, PKC '22) propose applicable schemes that assume trusted parameters. Their unforgeability is argued via a security proof from standard (or non-interactive) assumptions. We show that their security proofs are flawed and explain the subtle issue. While the schemes might be provable in the algebraic group model (AGM), we instead show that the original construction, which is more efficient and has found applications in many works, is secure in the AGM under a parametrized non-interactive hardness assumption.

Note: Added as second result a security proof of the FHS scheme (J. Crypto '19) in the algebraic group model under a non-interactive assumption.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published by the IACR in ASIACRYPT 2024
Keywords
Equivalence class signatures, flaw in existing analysis, security proof, algebraic group model
Contact author(s)
balthazar bauer @ ens fr
georg fuchsbauer @ tuwien ac at
fabian regen @ tuwien ac at
History
2024-09-21: revised
2024-02-07: received
Short URL
https://ia.cr/2024/183
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/183,
      author = {Balthazar Bauer and Georg Fuchsbauer and Fabian Regen},
      title = {On Security Proofs of Existing Equivalence Class Signature Schemes},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/183},
      year = {2024},
      url = {https://eprint.iacr.org/2024/183}
}