Jonathan Katz
ABSTRACT
Much recent work has focused on constructing efficient digital signature schemes whose security is tightly related to the hardness of some underlying cryptographic assumption. With this motivation in mind, we show here two approaches which improve both the computational efficiency and signature length of some recently-proposed schemes:Diffie-Hellman signatures. Goh and Jarecki [18] recently analyzed a signature scheme which has a tight security reduction to the computational Diffie-Hellman problem. Unfortunately, their scheme is less efficient in both computation and bandwidth than previous schemes relying on the (related) discrete logarithm assumption. We present a modification of their scheme in which signing is 33% more efficient and signatures are 75% shorter; the security of this scheme is tightly related to the decisional Diffie-Hellman problem.PSS. The probabilistic signature scheme (PSS) designed by Bellare and Rogaway [3] uses a random salt to enable a tight security reduction to, e.g., the RSA problem. Coron [12] subsequently showed that a shorter random salt can be used without impacting the security of the scheme. We show a variant of PSS which avoids the random salt altogether yet has an equally-tight security reduction. This furthermore yields a version of PSS-R (PSS with message recovery) with optimal message length. Our technique may also be used to improve the efficiency of a number of other schemes.
- D. Boneh, B. Lynn, and H. Shacham. Short signatures from the Weil pairing. Asiacrypt 2001.]] Google Scholar
Digital Library
- E. Brickell, D. Pointcheval, S. Vaudenay, and M. Yung. Design validations for discrete logarithm based signature schemes. PKC 2000.]] Google ScholarDigital Library
- R. Canetti, O. Goldreich, and S. Halevi. The random oracle methodology, revisited. STOC '98.]] Google ScholarDigital Library
- D. Chaum and H. van Antwerpen. Undeniable signatures. Crypto '89.]] Google ScholarDigital Library
- J.-S. Coron. On the exact security of full-domain hash. Crypto 2000.]] Google ScholarDigital Library
- J.-S. Coron. Optimal security proofs for PSS and other signature schemes. Eurocrypt 2002. Full version available at http://eprint.iacr.org/2001/062/.]]Google Scholar
- Y. Dodis and L. Reyzin. On the power of claw-free permutations. Security in Communication Networks 2002.]]Google Scholar
- T. El Gamal. A public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Info. Theory 31(4): 469--472 (1985).]]Google ScholarCross Ref
- Federal Information Processing Standards publication #186-2. 2000. Digital signature standard (DSS). U.S. Department of Commerce/National Institute of Standards and Technology.]]Google Scholar
- A. Fiat and A. Shamir. How to prove yourself: practical solutions to identification and signature problems. Crypto '86.]] Google ScholarDigital Library
- E. Fujisaki, T. Okamoto, D. Pointcheval, and J. Stern. RSA-OAEP is secure under the RSA assumption. Crypto 2001.]] Google ScholarDigital Library
- E.-J. Goh and S. Jarecki. A signature scheme as secure as the Diffie-Hellman problem. Eurocrypt 2003.]]Google Scholar
- S. Goldwasser, S. Micali, and R. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Computing 17(2): 281--308 (1988).]] Google ScholarDigital Library
- L. Granboulan. Short signatures in the random oracle model. Asiacrypt 2002.]] Google ScholarDigital Library
- J. Jonsson. An OAEP variant with a tight security proof. Available at http://eprint.iacr.org/2002/034/.]]Google Scholar
- U. Maurer and S. Wolf. The Diffie-Hellman protocol. Designs, Codes, and Cryptography 19(2/3): 147--171 (2000).]] Google ScholarDigital Library
- S. Micali and L. Reyzin. Improving the exact security of digital signature schemes. J. Cryptology 15(1): 1--18 (2002).]]Google ScholarDigital Library
- D. Pointcheval and J. Stern. Security arguments for digital signatures and blind signatures. J. Cryptology 13(3): 361--396 (2000).]]Google ScholarDigital Library
- C. Schnorr. Efficient identification and signatures for smart cards. Crypto '89.]] Google ScholarDigital Library
- V. Shoup. Lower bounds for discrete logarithms and related problems. Eurocrypt '97.]]Google Scholar
- V. Shoup. OAEP reconsidered. Crypto 2001.]] Google ScholarDigital Library
- V. Shoup. A proposal for an ISO standard for public-key encryption. Available at http://eprint.iacr.org/2001/112.]]Google Scholar
Index Terms
- Efficiency improvements for signature schemes with tight security reductions
Recommendations
Tight Security for Signature Schemes Without Random Oracles
We present the first tight security proofs for two general classes of Strong RSA (SRSA) based signature schemes. Among the covered signature schemes are the signature schemes by Cramer---Shoup, Zhu, Fischlin, and the SRSA-based Camenisch---Lysyanskaya ...
Security analysis of two certificateless short signature schemes
Certificateless public key cryptography (CL‐PKC) combines the advantage of both traditional PKC and identity‐based cryptography (IBC) as it eliminates the certificate management problem in traditional PKC and resolves the key escrow problem in IBC. ...
New multi-proxy multi-signature schemes
A new kind of proxy signature schemes is first proposed: multi-proxy multi-signature schemes. In multi-proxy multi-signature schemes, an original group of signers can authorize a group of proxy signers under the agreement of all singers both in the ...
Comments