Signatures on Randomizable Ciphertexts

Olivier Blazy 1, 2 Georg Fuchsbauer 3 David Pointcheval 1, 2 Damien Vergnaud 1, 2
1 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique de l'École normale supérieure, Inria Paris-Rocquencourt, CNRS - Centre National de la Recherche Scientifique : UMR 8548
Abstract : Randomizable encryption allows anyone to transform a ciphertext into a fresh ciphertext of the same message. Analogously, a randomizable signature can be transformed into a new signature on the same message. We combine randomizable encryption and signatures to a new primitive as follows: given a signature on a ciphertext, anyone, knowing neither the signing key nor the encrypted message, can randomize the ciphertext and adapt the signature to the fresh encryption, thus maintaining public verifiability. Moreover, given the decryption key and a signature on a ciphertext, one can compute (``extract'') a signature on the encrypted plaintext. As adapting a signature to a randomized encryption contradicts the standard notion of unforgeability, we introduce a weaker notion stating that no adversary can, after querying signatures on ciphertexts of its choice, output a signature on an encryption of a new message. This is reasonable since, due to extractability, a signature on an encrypted message can be interpreted as an encrypted signature on the message. Using Groth-Sahai proofs and Waters signatures, we give several instantiations of our primitive and prove them secure under classical assumptions in the standard model and the CRS setting. As an application, we show how to construct an efficient non-interactive receipt-free universally verifiable e-voting scheme. In such a scheme a voter cannot prove what his vote was, which precludes vote selling. Besides, our primitive also yields an efficient round-optimal blind signature scheme based on standard assumptions, and namely for the classical Waters signature.
Type de document :
Communication dans un congrès
Rosario Gennaro. PKC 2011 - Proceedings of the 2011 International Conference on Practice and Theory in Public Key Cryptography, Mar 2011, Taormina, Italy. Springer, 6571, pp.403-422, 2011, LNCS - Lecture Notes in Computer Science. 〈10.1007/978-3-642-19379-8_25〉
Liste complète des métadonnées

https://hal.inria.fr/inria-00542643
Contributeur : David Pointcheval <>
Soumis le : vendredi 3 décembre 2010 - 10:14:51
Dernière modification le : mardi 24 avril 2018 - 17:20:13

Lien texte intégral

Identifiants

Collections

Citation

Olivier Blazy, Georg Fuchsbauer, David Pointcheval, Damien Vergnaud. Signatures on Randomizable Ciphertexts. Rosario Gennaro. PKC 2011 - Proceedings of the 2011 International Conference on Practice and Theory in Public Key Cryptography, Mar 2011, Taormina, Italy. Springer, 6571, pp.403-422, 2011, LNCS - Lecture Notes in Computer Science. 〈10.1007/978-3-642-19379-8_25〉. 〈inria-00542643〉

Partager

Métriques

Consultations de la notice

180