On the General Construction of Tightly Secure Identity-Based Signature Schemes

Abstract

AbstractA tightly secure scheme has a reduction, where the reduction loss is a small constant. Identity-based signature (IBS) is an important cryptographic primitive, and tightly secure IBS schemes enjoy the advantage that the security parameter can be optimal to achieve a certain security level. General constructions of IBS schemes (Bellare, M., Namprempre, C., and Neven, G. (2004) Security Proofs for Identity-Based Identification and Signature Schemes. In Proc. EUROCRYPT 2004, May 2–6, pp. 268–286. Springer, Berlin, Interlaken, Switzerland; Galindo, D., Herranz, J., and Kiltz, E. (2006) On the Generic Construction of Identity-Based Signatures With Additional Properties. In Proceedings of ASIACRYPT 2006, December 3–7, pp. 178–193. Springer, Berlin, Shanghai, China) and their security have been extensively studied. However, the security is not tight and how to generally construct a tightly secure IBS scheme remains unknown. In this paper, we concentrate on the general constructions of IBS schemes. We first take an insight into previous constructions and analyze the reason why it cannot achieve tight security. To further study possible tightly secure constructions, we propose another general construction, which could be seen as a different framework of IBS schemes. Our construction requires two traditional signature schemes, whereas the construction by Bellare et al. uses one scheme in a two-round iteration. There are no additional operations in our general construction. Its main advantage is providing the possibility of achieving tight security for IBS schemes in the random oracle model. Combining two known signature schemes, we present an efficient IBS scheme with tight security as an example.