
Applied Cryptography and Network Security

Volume 4521 of the series Lecture Notes in Computer Science, pp. 18-30

Efficient Generic On-Line/Off-Line Signatures Without Key Exposure

  • Xiaofeng Chen. Affiliated with: Department of Computer Science, Sun Yat-sen University, Guangzhou 510275; Guangdong Key Laboratory of Information Security Technology, Guangzhou 510275
  • Fangguo Zhang. Affiliated with: Department of Electronics and Communication Engineering, Sun Yat-sen University, Guangzhou 510275; Guangdong Key Laboratory of Information Security Technology, Guangzhou 510275
  • Willy Susilo. Affiliated with: Centre for Computer and Information Security Research, School of Computer Science and Software Engineering, University of Wollongong
  • Yi Mu. Affiliated with: Centre for Computer and Information Security Research, School of Computer Science and Software Engineering, University of Wollongong


Abstract

The “hash-sign-switch” paradigm was first proposed by Shamir and Tauman with the aim of designing an efficient on-line/off-line signature scheme. However, all existing on-line/off-line signature schemes based on Shamir-Tauman’s paradigm suffer from the key exposure problem of chameleon hashing. That is, if the signer applies the same hash value more than once to obtain two signatures on two different messages, the recipient can obtain a hash collision and use it to recover the signer’s trapdoor information. Therefore, the signer should pre-compute and store plenty of different chameleon hash values and the corresponding signatures on the hash values in the off-line phase, and send the collision and the signature for a certain hash value in the on-line phase. Hence, the computation and storage cost for the off-line phase and the communication cost for the on-line phase in Shamir-Tauman’s signature scheme still impose some additional overhead.

In this paper, we first introduce a special double-trapdoor hash family based on the discrete logarithm assumption to solve this problem. We then apply the “hash-sign-switch” paradigm to propose a much more efficient generic on-line/off-line signature scheme. Additionally, we use a one-time trapdoor/hash key pair for each message signing, which prevents the recipient from recovering the trapdoor information of the signer and computing other collisions.

Keywords

On-line/off-line signatures; Chameleon hashing; Key exposure