International Association for Cryptologic Research

CryptoDB

Revisiting BBS Signatures

Authors:
Stefano Tessaro, University of Washington
Chenzhi Zhu, University of Washington
Download:
DOI: 10.1007/978-3-031-30589-4_24 (login may be required)
Presentation: Slides
Conference: EUROCRYPT 2023
Abstract: BBS signatures were implicitly proposed by Boneh, Boyen, and Shacham (CRYPTO '04) as part of their group signature scheme, and explicitly cast as stand-alone signatures by Camenisch and Lysyanskaya (CRYPTO '04). A provably secure version, called BBS+, was then devised by Au, Susilo, and Mu (SCN '06). They are suitable for use within anonymous credential and DAA systems, as their algebraic structure enables efficient proofs of knowledge of message-signature pairs that support partial disclosure. BBS+ is currently the object of a standardization effort which has led to a recent RFC draft. BBS+ signatures consist of one group element and two scalars. As our first contribution, we give a new proof of security for a shorter version of BBS+, consisting only of one group element and one scalar. This shorter version is essentially the original BBS proposal, which was lacking a proof of security, and we show it satisfies, under the $q$-SDH assumption, the same provable security guarantees as BBS+. We also give an alternative and tight analysis in the algebraic group model, which heuristically justifies additional flexibility in scheme instantiations. Furthermore, we provide simplified and shorter zero-knowledge proofs of knowledge of a BBS message-signature pair that support partial disclosure of the message. In instantiations over BLS12-381, our proofs are 896 bits shorter than the prior proposal by Camenisch, Drijvers, and Lehmann (TRUST '16), which is also adopted by the RFC draft. Finally, we show that BBS satisfies one-more unforgeability in the algebraic group model in a situation, which arises in the context of credentials, where the signer can be asked to sign arbitrary group elements, meant to be commitments, without seeing their openings.
BibTeX
@inproceedings{eurocrypt-2023-32927,
  title={Revisiting BBS Signatures},
  publisher={Springer-Verlag},
  doi={10.1007/978-3-031-30589-4_24},
  author={Stefano Tessaro and Chenzhi Zhu},
  year=2023
}