Fail-Stop Signature for Long Messages (Extended Abstract)

  • Rei Safavi-Naini
  • Willy Susilo
  • Huaxiong Wang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1977)


Security of ordinary digital signature schemes relies on a computational assumption. Fail-stop signature (FSS) schemes provide security for a signer against a forger with unlimited computational power by enabling the signer to provide a proof of forgery, if it occurs. Signing long messages using FSS requires a hash function with provable security which results in a slow signature generation process. In this paper, we propose a new construction for FSS schemes based on linear authentication codes which does not require a hash function and results in a much faster signing process at the cost of slower verification process, and longer secret key and signature. An important advantage of the scheme is that proof of forgery is the same as a traditional FSS and does not rely on the properties of the hash functions.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    N. Barić and B. Pfitzmann. Collision-Free Accumulators and Fail-Stop Signature Schemes without Trees. Advances in Cryptology-Eurocrypt’ 97, Lecture Notes in Computer Science 1233, pages 480–494, 1997. 168Google Scholar
  2. 2.
    D. Chaum, E. van Heijst, and B. Pfitzmann. Cryptographically strong undeniable signatures, unconditionally secure for the signer. Interner Bericht, Fakultät für Informatik, 1/91, 1990. 166, 167, 168, 175, 175Google Scholar
  3. 3.
    I. B. Damgåard, Collision free hash functions and public key signature scheme, Lecture Notes in Computer Science 304, pages 203–216, 1988. 166, 167, 175, 175, 175Google Scholar
  4. 4.
    E. N. Gilbert, F. J. MacWilliams and N. J. A. Sloane. Codes which detect deception. The Bell System Technical Journal, Vol.33, No.3, pages 405–424, 1974. 170MathSciNetGoogle Scholar
  5. 5.
    T. Johansson. Contributions to unconditionally secure authentication, Ph.D. thesis, Lund, 1994. 172Google Scholar
  6. 6.
    T. Johansson. Authentication codes for nontrusting parties obtained from rank metric codes, Designs, Codes and Cryptography, 6:205–218, 1995. 172MATHCrossRefMathSciNetGoogle Scholar
  7. 7.
    L. Lamport. Constructing digital signatures from a one-way function. PSRI International CSL-98, 1979. 167Google Scholar
  8. 8.
    A. K. Lenstra, E. R. Verheul, Selecting Cryptographic Key Sizes, online: Extended abstract appeared in Commercial Applications, Price Waterhouse Coopers, CCE Quarterly Journals, 3, pages 3–9, 1999. 167, 175, 175Google Scholar
  9. 9.
    T. P. Pedersen and B. Pfitzmann. Fail-stop signatures. SIAM Journal on Computing, 26/2:291–330, 1997. 165, 166, 166, 167, 167, 168, 169MATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    B. Pfitzmann. Fail-stop signatures: Principles and applications. Proc. Compsec’ 91, 8th world conference on computer security, audit and control, pages 125–134, 1991. 167Google Scholar
  11. 11.
    B. Pfitzmann. Digital Signature Schemes-General Framework and Fail-Stop Signatures. Lecture Notes in Computer Science 1100, Springer-Verlag, 1996. 167, 168, 173MATHGoogle Scholar
  12. 12.
    R. Safavi-Naini, S. Bakhtiari and C. Charnes. MRD Hashing. Proceedings of Fast Software Encrytion Workshop, Lecture Notes in Computer Science 1372, pages 134–149, 1998. 172Google Scholar
  13. 13.
    R. Safavi-Naini and W. Susilo. A General Construction for Fail-Stop Signature using Authentication Codes. Workshop on Cryptography and Combinatorial Number Theory (CCNT’ 99), 2000 (to appear). 166, 167, 167, 170Google Scholar
  14. 14.
    R. Safavi-Naini and W. Susilo. Fail-Stop Threshold Signature Schemes based on Discrete Logarithm and Factorization. The Third International Workshop on Information Security, ISW 2000, 2000 (to appear). 166, 166Google Scholar
  15. 15.
    G. J. Simmons. Authentication theory/coding theory. Advances in Cryptology-Crypto’ 84, Lecture Notes in Computer Science 196, pages 411–431, 1984.Google Scholar
  16. 16.
    W. Susilo, R. Safavi-Naini, and J. Pieprzyk. RSA-based Fail-Stop Signature schemes. International Workshop on Security (IWSec’ 99), IEEE Computer Society Press, pages 161–166, 1999. 166, 167, 173, 174, 174, 175Google Scholar
  17. 17.
    W. Susilo, R. Safavi-Naini, M. Gysin, and J. Seberry. An Efficient Fail-Stop Signature Schemes. The Computer Journal, 2000 (to appear). 166, 166, 166, 167, 173, 174, 174, 175Google Scholar
  18. 18.
    E. van Heijst and T. Pedersen. How to make efficient fail-stop signatures. Advances in Cryptology-Eurocrypt’ 92, pages 337–346, 1992. 166, 166, 167, 168, 173, 174, 175, 175Google Scholar
  19. 19.
    E. van Heijst, T. Pedersen, and B. Pfitzmann. New constructions of fail-stop signatures and lower bounds. Advances in Cryptology-Crypto’ 92, Lecture Notes in Computer Science 740, pages 15–30, 1993. 166, 168, 173, 173, 174, 175Google Scholar
  20. 20.
    M. Waidner and B. Pfitzmann. The dining cryptographers in the disco: Unconditional sender and recipient untraceability with computationally secure serviceability. Advances in Cryptology-Eurocrypt’ 89, Lecture Notes in Computer Science 434, 1990. 165, 167Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Rei Safavi-Naini
    • 1
  • Willy Susilo
    • 1
  • Huaxiong Wang
    • 1
  1. 1.Centre for Computer Security Research School of Information Technology and Computer ScienceUniversity of WollongongWollongongAUSTRALIA

Personalised recommendations