White-Box Implementation of Shamir’s Identity-Based Signature Scheme

Abstract

Digital signature schemes have been extensively studied in the literature, where a large number of such schemes with different properties have been designed for different applications. For example, identity-based signature (IBS) schemes can efficiently map a user’s digital public key to his/her real-world identity (e.g., e-mail address). However, existing implementations of IBS schemes are not generally designed for white-box security (WBS), particularly concerning the protection of the private key when special attackers have full access to the execution environment. Therefore, in this paper, we propose the first white-box implementation for the classical Shamir’s IBS scheme. The basic idea is to utilize a mathematical transformation for embedding private key into some special tables, such that the original private key could be “invisible” during the execution process. We then analyze the security requirements achieved in our implementation, including the conventional black-box security under the random oracle model and WBS (e.g., key recovery attack resilience). This is the first IBS scheme implementation that satisfies WBS. It is also shown from the simulation that the implementation incurs a constant computational cost, which is realistic in deployments where a high security level is required.