Send email Copy Email Address
2018

Signatures with Flexible Public Key: Introducing Equivalence Classes for Public Keys

Summary

We introduce a new cryptographic primitive called signatures with flexible public key (SFPK). We divide the key space into equivalence classes induced by a relation R. A signer can efficiently change his or her key pair to a different representative of the same class, but without a trapdoor it is hard to distinguish if two public keys are related. Our primitive is motivated by structure-preserving signatures on equivalence classes (SPSEQ), where the partitioning is done on the message space. Therefore, both definitions are complementary and their combination has various applications. We first show how to efficiently construct static group signatures and self-blindable certificates by combining the two primitives. When properly instantiated, the result is a group signature scheme that has a shorter signature size than the current state-of-the-art scheme by Libert, Peters, and Yung from Crypto'15, but is secure in the same setting. In its own right, our primitive has stand-alone applications in the cryptocurrency domain, where it can be seen as a straightforward formalization of so-called stealth addresses. Finally, it can be used to build the first ring signature scheme in the plain model without trusted setup, where signature size depends only sub-linearly on the number of ring members. Thus, solving an open problem stated by Malavolta and Schroeder at ASIACRYPT'2017.

Conference Paper

International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT)

Date published

2018

Date last modified

2024-11-07