TY - JOUR
T1 - Efficient verifiably encrypted signatures from lattices
AU - Kim, Kee Sung
AU - Jeong, Ik Rae
N1 - Funding Information:
This research was partly supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT & Future Planning (NRF-2013R1A2A2A01068200), the IT R&D program of MOTIE/KEIT [KI002113, Development of Security Technology for Car-Healthcare], and the MKE (The Ministry of Knowledge Economy), Korea, under the ITRC (Information Technology Research Center) support program (NIPA-2013-H0301-13-3007) supervised by the NIPA (National IT Industry Promotion Agency).
PY - 2014/8
Y1 - 2014/8
N2 - Verifiably encrypted signature schemes can convince a verifier that a given ciphertext is an encryption of an ordinary signature on a given message and the ordinary signature can be recovered by the third party, called adjudicator. In 2010, Rückert et al. proposed a general construction for the verifiably encrypted signatures, and then, they also showed that there exist the lattice-based verifiably encrypted signature schemes. Their constructions are very insightful, but their schemes need an extra adjudication setup phase and Merkle trees, so they have large parameters and keys, that is, they are inefficient. Also, their schemes provide only the limited signature capacity because the signing keys should be reissued after generating kth verifiably encrypted signatures. To overcome the weaknesses of Rückert et al.'s scheme, we construct a verifiably encrypted signature scheme based on the hard lattice problems. Our scheme provides the full functionality, i.e., the signatures can be generated without any limitations and does not need any extra adjudication setup phases. Moreover, the size of the secret keys in our scheme is constant. Our scheme provides unforgeability, opacity, extractability, and abuse-freeness in the random oracle model.
AB - Verifiably encrypted signature schemes can convince a verifier that a given ciphertext is an encryption of an ordinary signature on a given message and the ordinary signature can be recovered by the third party, called adjudicator. In 2010, Rückert et al. proposed a general construction for the verifiably encrypted signatures, and then, they also showed that there exist the lattice-based verifiably encrypted signature schemes. Their constructions are very insightful, but their schemes need an extra adjudication setup phase and Merkle trees, so they have large parameters and keys, that is, they are inefficient. Also, their schemes provide only the limited signature capacity because the signing keys should be reissued after generating kth verifiably encrypted signatures. To overcome the weaknesses of Rückert et al.'s scheme, we construct a verifiably encrypted signature scheme based on the hard lattice problems. Our scheme provides the full functionality, i.e., the signatures can be generated without any limitations and does not need any extra adjudication setup phases. Moreover, the size of the secret keys in our scheme is constant. Our scheme provides unforgeability, opacity, extractability, and abuse-freeness in the random oracle model.
KW - Abuse-freeness
KW - Extractability
KW - Lattice
KW - Opacity
KW - Verifiably encrypted signature
UR - http://www.scopus.com/inward/record.url?scp=84904413422&partnerID=8YFLogxK
U2 - 10.1007/s10207-014-0226-0
DO - 10.1007/s10207-014-0226-0
M3 - Article
AN - SCOPUS:84904413422
SN - 1615-5262
VL - 13
SP - 305
EP - 314
JO - International Journal of Information Security
JF - International Journal of Information Security
IS - 4
ER -