Tight security for the generic construction of identity-based signature (in the multi-instance setting)

Youngkyung Lee, Jong Hwan Park, Kwangsu Lee, Dong Hoon Lee

Research output: Contribution to journalArticlepeer-review

4 Citations (Scopus)


An identity-based signature (IBS) scheme can be generically constructed from any ordinary signature scheme by appending a chain of signatures. Until now, it has been known that a generic construction cannot lead to a tightly secure IBS scheme, although any tightly secure signature scheme can be used as a building block. In this study, we demonstrate that the generic construction of IBS can achieve tightness if the underlying signature scheme is tightly secure in the multi-user setting with corruption. In addition, we extend the tightness result of IBS to the multi-instance setting, where an adversary can corrupt multiple key generation centers and obtain multiple related master secret keys. As instantiations, we adopt the efficient and tightly secure signature scheme in the multi-user setting with corruption, recently proposed by Gjøsteen and Jager (CRYPTO 2018). As a result, we can obtain the first efficient and tightly secure IBS schemes (in the multi-instance setting) based on the Diffie–Hellman assumptions in the random oracle model.

Original languageEnglish
Pages (from-to)122-133
Number of pages12
JournalTheoretical Computer Science
Publication statusPublished - 2020 Dec 22

Bibliographical note

Funding Information:
This work was supported by the Institute for Information & Communications Technology Promotion (IITP) grant funded by the Korea government ( MSIT ) (grant number 2016-6-00600 , “A Study on Functional Encryption: Construction, Security Analysis, and Implementation”).

Publisher Copyright:
© 2020 Elsevier B.V.


  • CDH
  • DDH
  • Identity-based signature
  • Multi-instance setting
  • Random oracle
  • Tight security

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Tight security for the generic construction of identity-based signature (in the multi-instance setting)'. Together they form a unique fingerprint.

Cite this