Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security 2015
DOI: 10.1145/2810103.2813635
|View full text |Cite
|
Sign up to set email alerts
|

Subversion-Resilient Signature Schemes

Abstract: We provide a formal treatment of security of digital signatures against subversion attacks (SAs). Our model of subversion generalizes previous work in several directions, and is inspired by the proliferation of software attacks (e.g., malware and buffer overflow attacks), and by the recent revelations of Edward Snowden about intelligence agencies trying to surreptitiously sabotage cryptographic algorithms. The main security requirement we put forward demands that a signature scheme should remain unforgeable ev… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2

Citation Types

2
49
0

Year Published

2017
2017
2021
2021

Publication Types

Select...
6
1

Relationship

1
6

Authors

Journals

citations
Cited by 80 publications
(51 citation statements)
references
References 46 publications
2
49
0
Order By: Relevance
“…As a corollary we obtain the result of Ateniese et al (Theorem 1 in [2]) that for every coin-injective signature scheme, there is a successful algorithm substitution attack of negligible insecurity. Moreover we get (Theorem 2 in [2]) that for every coin-extractable signature scheme, there is a successful and secure ASA. We can conclude also (Theorem 3 in [2]) that unique signature schemes are resistant to ASAs fulfilling the verifiability condition.…”
Section: Our Resultssupporting
confidence: 55%
See 3 more Smart Citations
“…As a corollary we obtain the result of Ateniese et al (Theorem 1 in [2]) that for every coin-injective signature scheme, there is a successful algorithm substitution attack of negligible insecurity. Moreover we get (Theorem 2 in [2]) that for every coin-extractable signature scheme, there is a successful and secure ASA. We can conclude also (Theorem 3 in [2]) that unique signature schemes are resistant to ASAs fulfilling the verifiability condition.…”
Section: Our Resultssupporting
confidence: 55%
“…Moreover we get (Theorem 2 in [2]) that for every coin-extractable signature scheme, there is a successful and secure ASA. We can conclude also (Theorem 3 in [2]) that unique signature schemes are resistant to ASAs fulfilling the verifiability condition. Roughly speaking the last property means that each message has exactly one signature and the ASA can only produce valid signatures.…”
Section: Our Resultsmentioning
confidence: 91%
See 2 more Smart Citations
“…Ateniese, Magri and Venturi [3] study ASAs on signature schemes. Russell, Tang, Yung and Zhou [43] consider ASAs on one-way and trapdoor one-way functions.…”
mentioning
confidence: 99%