A New Forward-Secure Digital Signature Scheme

  • Michel Abdalla
  • Leonid Reyzin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1976)

Abstract

We improve the Bellare-Miner (Crypto ’99) construction of signature schemes with forward security in the random oracle model. Our scheme has significantly shorter keys and is, therefore, more practical. By using a direct proof technique not used for forward-secure schemes before, we are able to provide better security bounds for the original construction as well as for our scheme.

Bellare and Miner also presented a method for constructing such schemes without the use of the random oracle. We conclude by proposing an improvement to their method and an additional, new method for accomplishing this.

Keywords: forward security, digital signatures, proven security, concrete security

References

  1. M. Abdalla and L. Reyzin, “A New Forward-Secure Digital Signature Scheme,” Cryptology ePrint Archive Report 2000/002 at http://eprint.iacr.org/ (full version of this paper). Also available from authors’ websites.
  2. R. Anderson, Invited lecture, Fourth Annual Conference on Computer and Communications Security, ACM, 1997.
  3. M. Bellare and S. Miner, “A forward-secure digital signature scheme,” Advances in Cryptology-Crypto 99 Proceedings, Lecture Notes in Computer Science Vol. 1666, M. Wiener ed., Springer-Verlag, 1999.
  4. M. Bellare and P. Rogaway, “Random oracles are practical: a paradigm for designing efficient protocols,” Proceedings of the First Annual Conference on Computer and Communications Security, ACM, 1993.
  5. M. Bellare and P. Rogaway, “The exact security of digital signatures: How to sign with RSA and Rabin,” Advances in Cryptology-Eurocrypt 96 Proceedings, Lecture Notes in Computer Science Vol. 1070, U. Maurer ed., Springer-Verlag, 1996.
  6. R. Cramer and I. Damgård, “Secure signature schemes based on interactive protocols,” Advances in Cryptology-Crypto 95 Proceedings, Lecture Notes in Computer Science Vol. 963, D. Coppersmith ed., Springer-Verlag, 1995.
  7. R. Cramer and V. Shoup, “Signature schemes based on the Strong RSA Assumption,” Sixth Annual Conference on Computer and Communications Security, ACM, 1999.
  8. W. Diffie, P. van Oorschot, and M. Wiener, “Authentication and authenticated key exchanges,” Designs, Codes and Cryptography, 2, 1992, pp. 107–125.
  9. S. Even, O. Goldreich, and S. Micali, “On-line/Off-line digital signatures,” Journal of Cryptology, Vol. 9, 1996, pp. 35–67.
  10. A. Fiat and A. Shamir, “How to prove yourself: Practical solutions to identification and signature problems,” Advances in Cryptology-Crypto 86 Proceedings, Lecture Notes in Computer Science Vol. 263, A. Odlyzko ed., Springer-Verlag, 1986.
  11. O. Goldreich, “Two remarks concerning the GMR signature scheme,” Advances in Cryptology-Crypto 86 Proceedings, Lecture Notes in Computer Science Vol. 263, A. Odlyzko ed., Springer-Verlag, 1986.
  12. S. Goldwasser, S. Micali and R. Rivest, “A digital signature scheme secure against adaptive chosen-message attacks,” SIAM Journal of Computing, Vol. 17, No. 2, pp. 281–308, April 1988.
  13. L. Guillou and J. Quisquater, “A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory,” Advances in Cryptology-Eurocrypt 88 Proceedings, Lecture Notes in Computer Science Vol. 330, C. Günther ed., Springer-Verlag, 1988.
  14. C. Günther, “An identity-based key-exchange protocol,” Advances in Cryptology-Eurocrypt 89 Proceedings, Lecture Notes in Computer Science Vol. 434, J-J. Quisquater, J. Vandewalle ed., Springer-Verlag, 1989.
  15. C. H. Lim and P. J. Lee, “More Flexible Exponentiation with Precomputation,” Advances in Cryptology-Crypto 94 Proceedings, Lecture Notes in Computer Science Vol. 839, Y. Desmedt ed., Springer-Verlag, 1994.
  16. H. Ong and C. Schnorr, “Fast signature generation with a Fiat-Shamir like scheme,” Advances in Cryptology-Eurocrypt 90 Proceedings, Lecture Notes in Computer Science Vol. 473, I. Damgård ed., Springer-Verlag, 1990.
  17. S. Micali, “A secure and efficient digital signature algorithm,” Technical Report MIT/LCS/TM-501, Massachusetts Institute of Technology, Cambridge, MA, March 1994.
  18. S. Micali and L. Reyzin, “Improving the exact security of Fiat-Shamir signature schemes.” In R. Baumgart, ed., Secure Networking-CQRE [Secure] ’99, volume 1740 of Lecture Notes in Computer Science, pages 167–182, Springer-Verlag, 1999.
  19. K. Ohta and T. Okamoto. “A Modification of the Fiat-Shamir Scheme,” Advances in Cryptology-Crypto 88 Proceedings, Lecture Notes in Computer Science Vol. 403, S. Goldwasser ed., Springer-Verlag, 1988, pp. 232–243.
  20. D. Pointcheval and J. Stern, “Security proofs for signature schemes,” Advances in Cryptology-Eurocrypt 96 Proceedings, Lecture Notes in Computer Science Vol. 1070, U. Maurer ed., Springer-Verlag, 1996.

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Michel Abdalla (1)
  • Leonid Reyzin (2)
  1. Department of Computer Science & Engineering, University of California at San Diego, La Jolla
  2. Laboratory for Computer Science, Massachusetts Institute of Technology, Cambridge
