A new precomputation method is presented for computing g^R for a fixed element g and a randomly chosen exponent R in a given group. Our method is more efficient and flexible than the previously proposed methods, especially in the case where the amount of storage available is very small or quite large. It is also very efficient in computing g^R y^E for a small size E and variable number y, which occurs in the verification of Schnorr's identification scheme or its variants. Finally it is shown that our method is well-suited for parallel processing as well.

On the other hand, using a moderate amount of storage for intermediate values, the performance can be considerably improved again. Knuth's 5-window algorithm [1,4] can do exponentiation in about 609 multiplications on average, including the on-line precomputation of 16 multiplications. The fastest known algorithm for exponentiation is the windowing method based on addition chains, where we can use bigger windows such as 10 [4] and need more storage for intermediate values [5]. Though finding the shortest addition chain is an NP-complete problem [6], it is reported [4] that, by applying heuristics, an addition chain of length around 605 can be computed. These general methods can be used for any cryptosystems requiring exponentiation such as RSA [7] and ElGamal [8]. However, in many cryptographic protocols based on the discrete logarithm problem, we need to compute g^R for a fixed base g but for a randomly chosen exponent R. Thanks to the fixed base element, a precomputation table can be used to reduce the number of multiplications required, of course at the expense of storage for precomputed values. At Eurocrypt'92, Brickell et al. [9] proposed such a method for speeding up the computation of g^R (called the BGMW method, for the convenience of
Abstract. This paper addresses the security of optimistic fair exchange in a multi-user setting. While the security of public key encryption and public key signature schemes in a single-user setting guarantees the security in a multi-user setting, we show that the situation is different in the optimistic fair exchange. First, we show how to break, in the multi-user setting, an optimistic fair exchange scheme provably secure in the single-user setting. This example separates the security of optimistic fair exchange between the single-user setting and the multi-user setting. We then define the formal security model of optimistic fair exchange in the multi-user setting, which is the first complete security model of optimistic fair exchange in the multi-user setting. We prove the existence of a generic construction meeting our multi-user security based on one-way functions in the random oracle model and trapdoor one-way permutations in the standard model. Finally, we revisit two well-known methodologies of optimistic fair exchange, which are based on the verifiably encrypted signature and the sequential two-party multisignature, respectively. Our result shows that these paradigms remain valid in the multi-user setting.
To provide the binding between a user and his public key, traditional digital signature schemes use certificates that are signed by a trusted third party. While Shamir's identity-based signature scheme can dispense with certificates, the key escrow of a user's private key is inherent in the identity-based signature scheme. In Asiacrypt 2003, a new digital signature paradigm called the certificateless signature was introduced. The certificateless signature eliminates the need for certificates and does not suffer from the inherent key escrow problem. In this paper, we provide a generic secure construction of a certificateless signature. We also present an extended construction whose trust level is the same as that of a traditional public key signature scheme.