English
 
Help Privacy Policy Disclaimer
  Advanced SearchBrowse

Item

ITEM ACTIONSEXPORT

Released

Conference Paper

Verifiably Encrypted Signatures: Security Revisited and a New Construction

MPS-Authors
/persons/resource/persons188577

Rabkin,  Max
International Max Planck Research School, MPI for Informatics, Max Planck Society;

External Resource
No external resources are shared
Fulltext (restricted access)
There are currently no full texts shared for your IP range.
Fulltext (public)
There are no public fulltexts stored in PuRe
Supplementary Material (public)
There is no public supplementary material available
Citation

Hanser, C., Rabkin, M., & Schröder, D. (2015). Verifiably Encrypted Signatures: Security Revisited and a New Construction. In Computer Security - ESORICS 2015 (pp. 146-164). Berlin: Springer. doi:10.1007/978-3-319-24174-6_8.


Cite as: https://hdl.handle.net/11858/00-001M-0000-0029-6FAB-7
Abstract
n structure-preserving signatures on equivalence classes (SPS-EQ-R), introduced at ASIACRYPT 2014, each message M in (G*)^l is associated to its projective equivalence class, and a signature commits to the equivalence class: anybody can transfer the signature to a new, scaled, representative. In this work, we give the first black-box construction of a public-key encryption scheme from any SPS-EQ-R satisfying a simple new property which we call perfect composition. The construction does not involve any non-black-box technique and the implication is that such SPS-EQ-R cannot be constructed from one-way functions in a black-box way. The main idea of our scheme is to build a verifiable encrypted signature (VES) first and then apply the general transformation suggested by Calderon et al. (CT-RSA 2014). The original definition of VES requires that the underlying signature scheme be correct and secure in addition to other security properties. The latter have been extended in subsequent literature, but the former requirements have sometimes been neglected, leaving a hole in the security notion. We show that Calderon et al.'s notion of resolution independence fills this gap.