Short signatures from the Weil pairing

Authors

D. Boneh, B. Lynn, and H. Shacham.

Abstract

We introduce a short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyper-elliptic curves. For standard security parameters, the signature length is about half that of a DSA signature with a similar level of security. Our short signature scheme is designed for systems where signatures are typed in by a human or are sent over a low-bandwidth channel. We survey a number of properties of our signature scheme such as signature aggregation and batch verification.

Usage


1    package it.unisa.dia.gas.crypto.jpbc.signature.bls01;
2    
3    import it.unisa.dia.gas.crypto.jpbc.signature.bls01.engines.BLS01Signer;
4    import it.unisa.dia.gas.crypto.jpbc.signature.bls01.generators.BLS01KeyPairGenerator;
5    import it.unisa.dia.gas.crypto.jpbc.signature.bls01.generators.BLS01ParametersGenerator;
6    import it.unisa.dia.gas.crypto.jpbc.signature.bls01.params.BLS01KeyGenerationParameters;
7    import it.unisa.dia.gas.crypto.jpbc.signature.bls01.params.BLS01Parameters;
8    import it.unisa.dia.gas.plaf.jpbc.pairing.PairingFactory;
9    import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
10   import org.bouncycastle.crypto.CipherParameters;
11   import org.bouncycastle.crypto.CryptoException;
12   import org.bouncycastle.crypto.digests.SHA256Digest;
13   
14   import static org.junit.Assert.assertFalse;
15   import static org.junit.Assert.assertTrue;
16   
17   /**
18    * @author Angelo De Caro (jpbclib@gmail.com)
19    */
20   public class BLS01 {
21   
22       public BLS01() {
23       }
24   
25   
26       public BLS01Parameters setup() {
27           BLS01ParametersGenerator setup = new BLS01ParametersGenerator();
28           setup.init(PairingFactory.getPairingParameters("params/curves/a.properties"));
29   
30           return setup.generateParameters();
31       }
32   
33       public AsymmetricCipherKeyPair keyGen(BLS01Parameters parameters) {
34           BLS01KeyPairGenerator keyGen = new BLS01KeyPairGenerator();
35           keyGen.init(new BLS01KeyGenerationParameters(null, parameters));
36   
37           return keyGen.generateKeyPair();
38       }
39   
40       public byte[] sign(String message, CipherParameters privateKey) {
41           byte[] bytes = message.getBytes();
42   
43           BLS01Signer signer = new BLS01Signer(new SHA256Digest());
44           signer.init(true, privateKey);
45           signer.update(bytes, 0, bytes.length);
46   
47           byte[] signature = null;
48           try {
49               signature = signer.generateSignature();
50           } catch (CryptoException e) {
51               throw new RuntimeException(e);
52           }
53           return signature;
54       }
55   
56       public boolean verify(byte[] signature, String message, CipherParameters publicKey) {
57           byte[] bytes = message.getBytes();
58   
59           BLS01Signer signer = new BLS01Signer(new SHA256Digest());
60           signer.init(false, publicKey);
61           signer.update(bytes, 0, bytes.length);
62   
63           return signer.verifySignature(signature);
64       }
65   
66       public static void main(String[] args) {
67           BLS01 bls01 = new BLS01();
68   
69           // Setup
70           AsymmetricCipherKeyPair keyPair = bls01.keyGen(bls01.setup());
71   
72           // Test same message
73           String message = "Hello World!";
74           assertTrue(bls01.verify(bls01.sign(message, keyPair.getPrivate()), message, keyPair.getPublic()));
75   
76           // Test different messages
77           assertFalse(bls01.verify(bls01.sign(message, keyPair.getPrivate()), "Hello Italy!", keyPair.getPublic()));
78       }
79   
80   }
81