Efficient digital signatures from RSA without random oracles

Improving efficiency of digital signature scheme is important since digital signature scheme is a core building block for many privacy protocols. There are some proposals regarding efficient digital signatures whose security arguments are guaranteed by the standard assumption such as RSA assumption. Although several RSA-based digital signature schemes achieve a short signature size, many of them essentially rely on random oracle heuristics. In 2009, Hohenberger and Water proposed an excellent approach to the design of a short RSA-based signature scheme without random oracles (CRYPTO 2009). However, their scheme requires signers to execute an expensive prime-number generation several times, and leaves the reduction in signing and verifying costs as important open problems. In this paper, we propose an efficient digital signature scheme from the above category. That is, we propose a short RSA signature scheme in the standard model, which requires less prime-number generations than those in the previous best scheme of BM, Hofheinz, Jager, Koch, and Striecks (Journal of Cryptology 2015). More precisely, the BHJKS scheme requires signers to generate O(log lambda) prime-numbers for each signature; however, our scheme requires almost a constant time (e.g., log log lambda) of prime-number generation in the signing algorithm, where lambda is the security parameter. (C) 2019 Elsevier Inc. All rights reserved.