Fail-Stop Signatures

Pedersen, Torben; Pfitzmann, Birgit

doi:10.1137/s009753979324557x

Cited by 46 publications

(22 citation statements)

References 32 publications

(69 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Their signature scheme leads to short signatures, but the signing algorithm requires one exponentiation per bit of the message, which makes the resulting scheme inefficient. A number of works in the literature have studied the design of fail-stop signature schemes based on factoring-related assumptions [7,33,36,41,37]. However, almost all such constructions rely on assumptions that are stronger than the standard factoring assumption.…”

Section: Computementioning

confidence: 99%

See 1 more Smart Citation

One-Time Signatures and Chameleon Hash Functions

Mohassel

2011

Selected Areas in Cryptography

View full text Add to dashboard Cite

Abstract. In this work we show a general construction for transforming any chameleon hash function to a strongly unforgeable one-time signature scheme. Combined with the result of [Bellare and Ristov, PKC 2007], this also implies a general construction of strongly unforgeable one-time signatures from Σ-protocols in the standard model.Our results explain and unify several works in the literature which either use chameleon hash functions or one-time signatures, by showing that several of the constructions in the former category can be interpreted as efficient instantiations of those in the latter. They also imply that any "noticeable" improvement to the efficiency of constructions for chameleon hash functions leads to similar improvements for one-time signatures. This makes such improvements challenging since efficiency of one-time signatures has been studied extensively.We further demonstrate the usefulness of our general construction by studying and optimizing specific instantiations based on the hardness of factoring, the discrete-log problem, and the worst-case lattice-based assumptions. Some of these signature schemes match or improve the efficiency of the best previous constructions or relax the underlying hardness assumptions. Two of the schemes have very fast signing (no exponentiations) which makes them attractive in scenarios where the signer has limited computational resources.

show abstract

Section: Computementioning

confidence: 99%

“…However, almost all such constructions rely on assumptions that are stronger than the standard factoring assumption. The only exception is the construction of [7,33] which is based on the intractability of factoring integers n = pq for p, q with p = q = 3 mod 4 (i.e. Blum integers) and p = q mod 8.…”

Section: Computementioning

confidence: 99%

One-Time Signatures and Chameleon Hash Functions

Mohassel

2011

Selected Areas in Cryptography

View full text Add to dashboard Cite

show abstract

“…The verifier of the signature checks whether the signature corresponds to the multisignature of the group, by using the public key that all the members of the group share [19].…”

Section: A Multisignature Scheme Based On Sdlp and Ifpmentioning

confidence: 99%

A Multisignature Scheme Based on the SDLP and on the IFP

Díaz

Encinas

Masqué

2011

Computational Intelligence in Security for Information Systems

View full text Add to dashboard Cite

Abstract. Multisignature schemes are digital signature schemes that permit one to determine a unique signature for a given message, depending on the signatures of all the members of a specific group. In this work, we present a new semi-short multisignature scheme based on the Subgroup Discrete Logarithm Problem (SDLP) and on the Integer Factorization Problem (IFP). The scheme can be carried out in an on-and off-line basis, is efficient, and the bitlength of the multisignature does not depend on the number of signers.

show abstract

“…To provide protection against forgeries of an attacker with unlimited computational power, fail-stop signature schemes are proposed [12], [16]. In the fail-stop signature scheme, in the case of forgery, the presumed signer can prove that a forgery has happened.…”

Section: Introductionmentioning

confidence: 99%

A proxy fail-stop signature scheme with proxy revocation

Kim

Chang

2008

Journal of Discrete Mathematical Sciences and Cryptography

View full text Add to dashboard Cite

In this paper, we propose a new type digital signature, proxy fail-stop signature scheme with proxy revocation. In the proposed scheme, the proxy signer can sign a message on behalf of the original signer and provide a proof of forgery if it occurs. Moreover, the original signer can revoke the signing rights from the proxy signer. The proposed scheme is based on two hard problems, discrete logarithm problem and factorization. We define the security requirements for the proxy fail-stop signature with revocation and show that our scheme satisfies all security requirements.

show abstract

Fail-Stop Signatures

Cited by 46 publications

References 32 publications

One-Time Signatures and Chameleon Hash Functions

One-Time Signatures and Chameleon Hash Functions

A Multisignature Scheme Based on the SDLP and on the IFP

A proxy fail-stop signature scheme with proxy revocation

Contact Info

Product

Resources

About