Pseudorandom signatures

2013, Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security - ASIA CCS '13

We develop a three-level hierarchy of privacy notions for (unforgeable) digital signatures, starting with existing notions of anonymity and confidentiality, whose independence we prove formally. The ultimate privacy goal in our hierarchy is pseudorandomness: signatures with this property hide all information about the signing process and cannot be recognized as signatures when transmitted over a public network. This implies very strong unlinkability guarantees across different signers and even different signing algorithms and gives rise to new forms of private public-key authentication. We prove that one way towards pseudorandom signatures leads through the mid-level notion, called indistinguishability: these signatures can be simulated using only the public parameters of the scheme. Indistinguishable signatures exist in different cryptographic settings (e.g. based on RSA, discrete logarithms, pairings) and can be efficiently lifted to the highest privacy level using general transformations based on appropriate encoding techniques. We also show a more direct way of obtaining pseudorandomness from any unforgeable signature scheme. Our transformations work in the standard model. We keep public verifiability of signatures in the setting of system-wide known public keys and we allow full disclosure of signatures, and even of secret signing keys, while working with messages of high entropy.
