Improved Security Proof for the Camenisch-Lysyanskaya Signature-Based Synchronized Aggregate Signature Scheme

TL;DR

This paper presents an improved security proof for a bilinear group-based synchronized aggregate signature scheme, replacing the previous one-time assumption with a static assumption, enhancing confidence and efficiency.

Contribution

The authors provide a new security proof for the synchronized aggregate signature scheme under a static assumption, reducing reliance on less practical one-time assumptions.

Findings

Security proof now based on 1-MSDH-2 assumption

Maintains efficiency while strengthening security guarantees

Replaces one-time assumption with static assumption

Abstract

The Camenisch-Lysyanskaya signature scheme in CRYPTO 2004 is a useful building block to construct privacy-preserving schemes such as anonymous credentials, group signatures or ring signatures. However, the security of this signature scheme relies on the interactive assumption called the LRSW assumption. Even if the interactive assumptions are proven in the generic group model or bilinear group model, the concerns about these assumptions arise in a cryptographic community. This fact caused a barrier to the use of cryptographic schemes whose security relies on these assumptions. Recently, Pointcheval and Sanders proposed the modified Camenisch-Lysyanskaya signature scheme in CT-RSA 2018. This scheme satisfies the EUF-CMA security under the new q-type assumption called the Modified-q-Strong Diffie-Hellman-2 (q-MSDH-2) assumption. However, the size of a q- type assumptions grows dynamically and this fact leads to inefficiency of schemes. In this work, we revisit the Camenisch-Lysyanskaya signature-based synchronized aggregate signature scheme in FC 2013. This scheme is one of the most efficient synchronized aggregate signature schemes with bilinear groups. However, the security of this synchronized aggregate scheme was proven under the one-time LRSW assumption in the random oracle model. We give the new security proof for this synchronized aggregate scheme under the 1-MSDH-2 (static) assumption in the random oracle model with little loss of efficiency.