RKA Security of Identity-Based Homomorphic Signature Scheme

Recently, Lin et al. proposed a new primitive identity-based (IB) homomorphic signature scheme and presented an ingenious implement by using any IB-signature scheme as a building block. In this paper, we consider a new type of attack on their scheme: Related-key attack (RKA) is introduced by Bellare and Kohno in 2003 and widely considered for kinds of cryptographic primitives. Specifically, for the first time, we define the RKA security of IB-homomorphic signature scheme. By modifying the signing secret key as its linear form, we prove that Lin et al.'s IB-homomorphic signature scheme is not RKA secure. But a slight modification of it yields an RKA secure one under the original assumptions. We also present security proof in detail. However, we remark that the reason why RKA on Lin et al.'s scheme can be successful lies in that RKA is outside of its security model. Finally, the numerical analysis and experimental results demonstrate that our modified scheme does not distinctly decrease the computational efficiency of Lin et al.'s scheme.