基于可编程hash函数的短签名

数字签名中的短签名由于其签名长度的优势，特别适用于通信带宽受限的场合．现有的短签名方案大多是随机预言模型下可证明安全的，但是随机预言模型通常被认为过于理想化，现实中没有一种hash函数能够模拟随机预言模型，而少数标准模型下可证安全的短签名方案，一般被认为是低效的或者基于强困难假设，即攻击者被给于一定数量的随机的已解决问题实例，要求去解决一个它自己选择的实例．可编程hash函数fprogrammablehashflmctions，PHF）是一种能模拟随机预言的某些可编程特性的特殊hash函数．可编程hash函数可嵌入到签名的基本构造中，产生标准模型下的短签名．本文利用可编程hash函数设计了一个基于因子分解假设的短签名方案．它具有的优点是：1）签名长度短，只需要一个群上的元素和一个小整数；2）签名和验证计算量小，不需要在签名过程中进行生成素数的运算；3）不需要嵌入变色龙hash函数便可实现标准模型下可证明安全．

Short signature based on programmable hash functions

A short signature, which is a type of digital signature, has an advantage in terms of its length, Short signatures are particularly suitable for scenarios in which communication bandwidth is constrained. Most of the existing short signature schemes have been proven secure under a random oracle, which is considered to be too idealistic. There is no hash function that can simulate a random oracle. A few of the provable secure short signature schemes in the standard model are considered to be inefficient or subject to strong hard assumptions, where the attacker is required to solve a chosen instance given a certain number of solved instances. Programmable hash functions （PHFs） can mimic some of the programmability properties of random oracles. Thus, PHFs can be plugged into the generic construction of signatures to yield short signatures in the standard model. We propose a short signature scheme based on a factoring assumption that uses programmable hash functions, The advantages are that： 1） the short signature only involves one element in a group and one small integer; 2） the scheme is efficient in terms of computational cost and does not require the generation of primes at signing; and 3） it is provably secure under the standard model without Chameleon hashes. This scheme is especially suitable for resource constrained applications such as wireless sensor networks and the Internet of things.