Functional signatures: new definition and constructions

Functional signatures: new definition and constructions

Functional signatures (FS) enable a master authority to delegate its signing privilege to an assistant. Concretely, the master authority uses its secret key sk(F) to issue a signing key sk(f) for a designated function f is an element of F-FS and sends both f and sk(f) to the assistant E, which is th...

Full description

Saved in:
Bibliographic Details
Main Authors: GUO, Qingwen, HUANG, Qiong, MA, Sha, XIAO, Meiyan, YANG, Guomin, SUSILO, Willy
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2021
Subjects:
cloud computation security
digital signature
functional signature
non-interactive zeroknowledge proof
e-commerce
E-Commerce
Information Security
Online Access:https://ink.library.smu.edu.sg/sis_research/7298
https://ink.library.smu.edu.sg/context/sis_research/article/8301/viewcontent/222301.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:Functional signatures (FS) enable a master authority to delegate its signing privilege to an assistant. Concretely, the master authority uses its secret key sk(F) to issue a signing key sk(f) for a designated function f is an element of F-FS and sends both f and sk(f) to the assistant E, which is then able to compute a signature sigma(f) with respect to pk(F) for a message y in the range of f. In this paper, we modify the syntax of FS slightly to support the application scenario where a certificate of authorization is necessary. Compared with the original FS, our definition requires that F-FS is an injective function family and for any f(0), f(1) is an element of F-FS there does not exist an intersection between range(f(0)) and range(f(1)). Accordingly, we redefine the security of FS and introduce two additional security notions, called unlinkability and accountability. Signatures sigma(f) in our definition do not expose the intention of the master authority. We propose two constructions of FS. The first one is a generic construction based on signatures with perfectly re-randomizable keys, non-interactive zero-knowledge proof (NIZK) and traditional digital signatures, and the other is based on RSA (Rivest-Shamir- Adleman) signatures with full domain hash and NIZK. We prove that both schemes are secure under the given security models.

Similar Items