Affiliations: [a] Dipartimento di Matematica e Informatica, Università di Catania, Catania, Italy. E-mail: catalano@dmi.unict.it | [b] Institute of Logic and Computation, TU Wien, Vienna, Austria. E-mail: georg.fuchsbauer@tuwien.ac.at | [c] LIX, CNRS UMR 7161, Ecole Polytechniquel, Palaiseau, France | [d] Project team Grace, INRIA Saclay, France. E-mail: soleimanian@lix.polytechnique.fr
Note: [1] This paper is an extended and revised version of a paper presented at the 12th Conference on Security and Cryptography for Networks.
Abstract: A double-authentication preventing signature (DAPS) scheme is a digital signature scheme equipped with a self-enforcement mechanism. Messages consist of an address and a payload component, and a signer is penalized if she signs two messages with the same addresses but different payloads. The penalty is the disclosure of the signer’s signing key. Most of the existing DAPS schemes are proved secure in the random oracle model (ROM), while the efficient ones in the standard model only support address spaces of polynomial size. We present DAPS schemes that are efficient, secure in the standard model under standard assumptions and support large address spaces. Our main construction builds on vector commitments (VC) and double-trapdoor chameleon hash functions (DCH). We also provide a DAPS realization from Groth–Sahai (GS) proofs that builds on a generic construction by Derler et al., which they instantiate in the ROM. The GS-based construction, while less efficient than our main one, shows that a general yet efficient instantiation of DAPS in the standard model is possible. An interesting feature of our main construction is that it can be easily modified to guarantee security even in the most challenging setting where no trusted setup is provided. To the best of our knowledge, ours seems to be the first construction achieving this in the standard model.
Keywords: Digital signature, double-spending, self-enforcement, chameleon hash function
