One-Round ID-Based Blind Signature Scheme without ROS Assumption

In this paper, we propose the first one-round identity-based blind signature (IDBS) scheme without ROS assumption, which supposes that it is infeasible to find an overdetermined, solvable system of linear equations modulo q with random inhomogenities [25]. Our construction has the following features. First, it achieves the optimal bound of round complexity for blind signatures, i.e., each signature can be generated with one round (or two moves) of message exchanges between the signer and signature requesting user. Second, the proposed IDBS scheme is provably secure against generic parallel attack without relying on the ROS assumption. This means our scheme can guarantee the same security level with smaller security parameter, in contrast to some IDBS schemes with ROS assumptions, such as the IDBS deduced from the blind Schnorr signature. Third, our construction is based on bilinear pairings from scratch (i.e. without using existing identity-based signature schemes, and without using existing computational assumptions). Finally, the security of our IDBS is based on a new formalized assumption, called one-more bilinear Diffie-Hellman inversion (1m-BDHI) assumption.