Server-Aided Verification Signatures: Definitions and New Constructions

A server-aided verification signature scheme consists of a digital signature scheme and a server-aided verification protocol. By executing the server-aided verification protocol with the server, one can perform the verification of signatures with less computational cost compared to the original verification algorithm. This mechanism is therefore indispensable for low-power devices such as smart cards. The contributions of this paper are manyfold. Firstly, we introduce and define the existential unforgeability of server-aided verification signatures. We prove that the new notion includes the existing security requirements in server-aided verification signatures. Then, we analyze the Girault-Lefranc scheme in Asiacrypt 2005 and show that their scheme can be made secure in our model, but the computational cost is more than the claimed in the original scheme. After that, we propose the first server-aided verification BLS, which is existentially unforgeable in the random oracle model under the Bilinear Diffie-Hellman assumption. Finally, we consider the collusion and adaptive chosen message attack in server-aided verification signatures. For the first time in the literature, the security of server-aided verification signatures against such attacks is defined. We provide a concrete construction of a server-aided verification BLS secure against the collusion and chosen message attack.