Boneh–Lynn–Shacham

Pairing functions

A gap group is a group in which the computational Diffie–Hellman problem is intractable but the decisional Diffie–Hellman problem can be efficiently solved. Non-degenerate, efficiently computable, bilinear pairings permit such groups.

Let e : G × G → G T be a non-degenerate, efficiently computable, bilinear pairing where G , G T are groups of prime order, r . Let g be a generator of G . Consider an instance of the CDH problem, g , g x , g y . Intuitively, the pairing function e does not help us compute g x y , the solution to the CDH problem. It is conjectured that this instance of the CDH problem is intractable. Given g z , we may check to see if g z = g x y without knowledge of x , y , and z , by testing whether e ( g x , g y ) = e ( g , g z ) holds.

By using the bilinear property x + y + z times, we see that if e ( g x , g y ) = e ( g , g ) x y = e ( g , g ) z = e ( g , g z ) , then since G T is a prime order group, x y = z .

The scheme

A signature scheme consists of three functions: generate, sign, and verify.

Key generation

The key generation algorithm selects a random integer x in the interval [0, r − 1]. The private key is x . The holder of the private key publishes the public key, g x .

Signing

Given the private key x , and some message m , we compute the signature by hashing the bitstring m , as h = H ( m ) . We output the signature σ = h x .

Verification

Given a signature σ and a public key g x , we verify that e ( σ , g ) = e ( H ( m ) , g x ) .

Properties