New Online/Offline Signature Schemes Without Random Oracles

  • Kaoru Kurosawa
  • Katja Schmidt-Samoa
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3958)


In this paper, we propose new signature schemes provably secure under the strong RSA assumption in the standard model. Our proposals utilize Shamir-Tauman’s generic construction for building EF-CMA secure online/offline signature schemes from trapdoor commitments and less secure basic signature schemes. We introduce a new natural intractability assumption for hash functions, which can be interpreted as a generalization of second pre-image collision resistance. Assuming the validity of this assumption, we are able to construct new signature schemes provably secure under the strong RSA assumption without random oracles. In contrast to Cramer-Shoup’s signature scheme based on strong RSA in the standard model, no costly generation of prime numbers is required for the signer in our proposed schemes. Moreover, the security of our schemes relies on weaker assumptions placed on the hash function than Gennaro, Halevi and Rabin’s solution.


Keywords: Online/offline signatures, trapdoor hash, strong RSA assumption, division intractability


  1. [BP97]
    Barić, N., Pfitzmann, B.: Collision-free accumulators and fail-stop signature schemes without trees. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 366–377. Springer, Heidelberg (1997)
  2. [BR93]
    Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: Proc. of the 1st ACM Conference on Computer and Communications Security (CCS), pp. 62–73. ACM Press, New York (1993)
  3. [CGH98]
    Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited (preliminary version). In: Proc. of the 30th Annual ACM Symposium on Theory of Computing (STOC 1998), pp. 209–218. ACM Press, New York (1998)
  4. [CGH04]
    Canetti, R., Goldreich, O., Halevi, S.: On the random-oracle methodology as applied to length-restricted signature schemes. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 40–57. Springer, Heidelberg (2004)
  5. [CL02]
    Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2002)
  6. [CN00]
    Coron, J.-S., Naccache, D.: Security analysis of the Gennaro-Halevi-Rabin signature scheme. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 91–101. Springer, Heidelberg (2000)
  7. [Cop97]
    Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptology 10(4), 233–260 (1997)
  8. [CS99]
    Cramer, R., Shoup, V.: Signature schemes based on the strong RSA assumption. In: ACM Conference on Computer and Communications Security, pp. 46–51 (1999)
  9. [Dam87]
    Damgård, I.: Collision free hash functions and public key signature schemes. In: Price, W.L., Chaum, D. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 203–216. Springer, Heidelberg (1987)
  10. [EGM96]
    Even, S., Goldreich, O., Micali, S.: On-line/off-line digital signatures. Journal of Cryptology 9(1), 35–67 (1996)
  11. [Fis03]
    Fischlin, M.: The Cramer-Shoup strong-RSA signature scheme revisited. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 116–129. Springer, Heidelberg (2003)
  12. [GHR99]
    Gennaro, R., Halevi, S., Rabin, T.: Secure hash-and-sign signatures without the random oracle. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 123–139. Springer, Heidelberg (1999)
  13. [GMR88]
    Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)
  14. [KR00]
    Krawczyk, H., Rabin, T.: Chameleon signatures. In: Proc. of the Symposium on Network and Distributed Systems Security (NDSS), The Internet Society (2000)
  15. [KSS06]
    Kurosawa, K., Schmidt-Samoa, K.: New online/offline signature schemes without random oracles. Cryptology ePrint Archive (2006),
  16. [LL94]
    Lim, C.H., Lee, P.J.: More flexible exponentiation with precomputation. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 95–107. Springer, Heidelberg (1994)
  17. [Mil75]
    Miller, G.L.: Riemann’s hypothesis and tests for primality. In: Proc. of the 7th annual ACM symposium on Theory of computing (STOC 1975), pp. 234–239. ACM Press, New York (1975)
  18. [Sho99]
    Shoup, V.: On the security of a practical identification scheme. J. Cryptology 12(4), 247–260 (1999)
  19. [SST05]
    Schmidt-Samoa, K., Takagi, T.: Paillier’s cryptosystem modulo p²q and its applications to trapdoor commitment schemes. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 296–313. Springer, Heidelberg (2005)
  20. [ST01]
    Shamir, A., Tauman, Y.: Improved online/offline signature schemes. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 355–367. Springer, Heidelberg (2001)

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Kaoru Kurosawa (1)
  • Katja Schmidt-Samoa (2)
  1. Department of Computer and Information Sciences, Ibaraki University, Japan
  2. Fachbereich Informatik, Technische Universität Darmstadt, Germany
