Transitive Signature Schemes

  • Silvio Micali
  • Ronald L. Rivest
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2271)


We introduce and provide the first example of a transitive digital signature scheme. Informally, this is a way to digitally sign vertices and edges of a dynamically growing, transitively closed, graph G so as to guarantee the following properties:

Given the signatures of edges (u, v) and (v,w), anyone can easily derive the digital signature of the edge (u,w).

It is computationaly hard for any adversary to forge the digital signature of any new vertex or other edge of G, even if he can request the legitimate signer to digitally sign any number of G’s vertices and edges of his choice in an adaptive fashion (i.e., even if he can choose which vertices and edges the legitimate signer should sign next after he sees the legitimate signatures of the ones requested so far).


public-key cryptography digital signatures graphs transitive closure 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    A. V. Aho, M. R. Garey, and J. D. Ullman. The transitive reduction of a directed graph. SIAM J. Comput., 1:131–137, 1972.zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Matt Blaze, Gerrit Bleumer, and Martin Strauss. Divertible protocols and atomic proxy cryptography. In Kaisa Nyberg, editor, Proceedings EUROCRYPT’ 98, pages 127–144. Springer, 1998.Google Scholar
  3. 3.
    D. Chaum, E. van Heijst, and B. Pfitzmann. Cryptographically strong undeniable signatures, unconditionally secure for the signer. In J. Feigenbaum, editor, Proceedings CRYPTO’ 91, pages 470–484. Springer, 1992. Lecture Notes in Computer Science No. 576.Google Scholar
  4. 4.
    David Chaum. Blind signatures for untraceable payments. In R. L. Rivest, A. Sherman, and D. Chaum, editors, Proceedings CRYPTO 82, pages 199–203, New York, 1983. Plenum Press.Google Scholar
  5. 5.
    David Chaum. Security without identification: Transaction systems to make big brother obsolete. Communications of the ACM, 28(10):1030–1044, Oct 1985.CrossRefGoogle Scholar
  6. 6.
    Thomas H. Cormen, Charles E. Leiserson, and Ronald L. Rivest. Introduction to Algorithms. MIT Press/McGraw-Hill, 1990.Google Scholar
  7. 7.
    D. Dolev, C. Dwork, and M. Naor. Non-malleable cryptography. In Proc. STOC’ 91, pages 542–552. ACM, 1991.Google Scholar
  8. 8.
    Joan Feigenbaum. Encrypting problem instances: Or...can you take advantage of someone without having to trust him? In H. C. Williams, editor, Proceedings CRYPTO 85, pages 477–488. Springer, 1986. Lecture Notes in Computer Science No. 218.Google Scholar
  9. 9.
    Joan Feigenbaum and Michael Merritt. Open questions, talk abstracts, and summary of discussions. In DIMACS Series in Discrete Mathematics and Theoretical Computer Science, volume 2, pages 1–45, 1991.MathSciNetGoogle Scholar
  10. 10.
    Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM, 17(2):281–308, April 1988.zbMATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    Robert Johnson, David Molnar, Dawn Song, and David Wagner. Homomorphic signature schemes. In Topics in Cryptology-CT-RSA 2002, pages 244–262. Springer, 2002. Lecture Notes in Computer Science No. 2271 (This Volume).CrossRefGoogle Scholar
  12. 12.
    Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.Google Scholar
  13. 13.
    T.P. Pedersen. Non-interactive and information-theoretic secure verifiable secret sharing. In J. Feigenbaum, editor, Proceedings CRYPTO’ 91, pages 129–140. Springer, 1992. Lecture Notes in Computer Science No. 576.Google Scholar
  14. 14.
    Ronald L. Rivest, Leonard Adleman, and Michael L. Dertouzos. On data banks and privacy homomorphisms. In R. DeMillo, D. Dobkin, A. Jones, and R. Lipton, editors, Foundations of Secure Computation, pages 169–180. Academic Press, 1978.Google Scholar
  15. 15.
    Tomas Sander, Adam Young, and Moti Yung. Non-interactive cryptocomputing for NC 1. In Proceedings 40th IEEE Symposium on Foundations of Computer Science, pages 554–566, New York, 1999. IEEE.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Silvio Micali
    • 1
  • Ronald L. Rivest
    • 1
  1. 1.Laboratory for Computer ScienceMassachusetts Institute of TechnologyCambridge

Personalised recommendations