At Asiacrypt 2014, Hanser and Slamanig presented a new cryptographic primitive called structure-preserving signature scheme on equivalence classes in the message space (G;∗1)ℓ, where G1 is some additive cyclic group. Based on the signature scheme, they constructed an efficient multi-show attribute-based anonymous credential system that allows to encode an arbitrary number of attributes. The signature scheme was claimed to be existentially unforgeable under the adaptive chosen message attacks in the generic group model. However, for ℓ = 2, Fuchsbauer pointed out a valid existential forgery can be generated with over- whelming probability by using 4 adaptive chosen-message queries. Hence, the scheme is existentially forgeable under the adaptive chosen message attack at least when ℓ = 2. In this paper, we show that even for the general case ℓ ≥ 2, the scheme is existentially forgeable under the non- adaptive chosen message attack and universally forgeable under the adap- tive chosen message attack. It is surprising that our attacks will succeed all the time and need fewer queries, which give a better description of the scheme’s security.
CITATION STYLE
Pan, Y. (2016). Cryptanalysis of the structure-preserving signature scheme on equivalence classes from Asiacrypt 2014. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9610, pp. 291–304). Springer Verlag. https://doi.org/10.1007/978-3-319-29485-8_17
Mendeley helps you to discover research relevant for your work.