Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees

  • Niko Barić
  • Birgit Pfitzmann
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1233)


One-way accumulators, introduced by Benaloh and de Mare, can be used to accumulate a large number of values into a single one, which can then be used to authenticate every input value without the need to transmit the others. However, the one-way property is not sufficient for all applications.

In this paper, we generalize the definition of accumulators and define and construct a collision-free subtype. As an application, we construct a fail-stop signature scheme in which many one-time public keys are accumulated into one short public key. In contrast to previous constructions with tree authentication, the length of both this public key and the signatures can be independent of the number of messages that can be signed.


Keywords (added by machine, not by the authors): Random Oracle; Security Parameter; Conversion Algorithm; Extended Euclidean Algorithm; Tree Authentication


  1. [Bari96]
    Niko Barić: Digitale Signaturen mit Fail-stop Sicherheit ohne Baumauthentifizierung. Diplomarbeit, Institut für Informatik, Universität Hildesheim, July 1996.
  2. [BeMa94]
    Josh Benaloh and Michael de Mare: One-Way Accumulators: A Decentralized Alternative to Digital Signatures. In Advances in Cryptology — EUROCRYPT ’93, LNCS 765, pages 274–285. Springer-Verlag, Berlin, 1994.
  3. [BeRo93]
    Mihir Bellare and Phillip Rogaway: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In 1st ACM Conference on Computer and Communications Security, November 1993, pages 62–73, ACM Press, New York, 1993.
  4. [CFPR96]
    Don Coppersmith, Matthew Franklin, Jacques Patarin, and Michael Reiter: Low-Exponent RSA with Related Messages. In Advances in Cryptology — CRYPTO ’96, LNCS 1070, pages 1–9. Springer-Verlag, Berlin, 1996.
  5. [CrDa96]
    Ronald Cramer and Ivan B. Damgård: New Generation of Secure and Practical RSA-Based Signatures. In Advances in Cryptology — CRYPTO ’96, LNCS 1109. Springer-Verlag, Berlin, 1996.
  6. [DwNa94]
    Cynthia Dwork and Moni Naor: An Efficient Existentially Unforgeable Signature Scheme and its Application. In Advances in Cryptology — CRYPTO ’94, LNCS 839, pages 234–246. Springer-Verlag, Berlin, 1994.
  7. [Håst86]
    Johan Håstad: On Using RSA with Low Exponent in a Public Network. In Advances in Cryptology — CRYPTO ’85, LNCS 218, pages 403–408. Springer-Verlag, Berlin, 1986.
  8. [HePe93]
    Eugène van Heyst and Torben P. Pedersen: How to Make Efficient Fail-stop Signatures. In Advances in Cryptology — EUROCRYPT ’92, LNCS 658, pages 366–377. Springer-Verlag, Berlin, 1993.
  9. [HePP93]
    Eugène van Heijst, Torben P. Pedersen, and Birgit Pfitzmann: New Constructions of Fail-Stop Signatures and Lower Bounds. In Advances in Cryptology — CRYPTO ’92, LNCS 740, pages 15–30. Springer-Verlag, Berlin, 1993.
  10. [Nybe96a]
    Kaisa Nyberg: Commutativity in Cryptography. In Proceedings of the First International Workshop on Functional Analysis at Trier University, pages 331–342. Walter de Gruyter, Berlin, 1996.
  11. [Nybe96b]
    Kaisa Nyberg: Fast Accumulated Hashing. In 3rd Fast Software Encryption Workshop, LNCS 1039, pages 83–87. Springer-Verlag, Berlin, 1996.
  12. [PePf97]
    Torben P. Pedersen and Birgit Pfitzmann: Fail-Stop Signatures. to appear in SIAM Journal on Computing, 26(2):291–330, April 1997.
  13. [Pfit94]
    Birgit Pfitzmann: Fail-Stop Signatures Without Trees. Hildesheimer Informatik-Berichte 16/94, ISSN 0941-3014, Institut für Informatik, Universität Hildesheim, June 1994.
  14. [Pfit96]
    Birgit Pfitzmann: Digital Signature Schemes — General Framework and Fail-Stop Signatures. LNCS 1100. Springer-Verlag, Berlin, 1996.
  15. [PfWa90]
    Birgit Pfitzmann and Michael Waidner: Formal Aspects of Fail-stop Signatures. Interner Bericht 22/90, Fakultät für Informatik, Universität Karlsruhe, December 1990.
  16. [RSA78]
    Ronald L. Rivest, Adi Shamir, and Leonard Adleman: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21(2):120–126, February 1978.
  17. [Sham83]
    Adi Shamir: On the Generation of Cryptographically Strong Pseudorandom Sequences. ACM Transaction on Computer Systems, 1(1):38–44, February 1983.
  18. [WaPf90]
    Michael Waidner and Birgit Pfitzmann: The Dining Cryptographers in the Disco: Unconditional Sender and Recipient Untraceability with Computationally Secure Serviceability. In Advances in Cryptology — EUROCRYPT ’89, LNCS 434, page 690. Springer-Verlag, Berlin, 1990.
  19. [Wien90]
    Michael J. Wiener: Cryptanalysis of Short RSA Secret Exponents. IEEE Transactions on Information Theory, 36(3):553–558, May 1990.

Copyright information

© Springer-Verlag Berlin Heidelberg 1997

Authors and Affiliations

  • Niko Barić (1)
  • Birgit Pfitzmann (2)
  1. dvg Hannover, Hannover, Germany
  2. Universität Dortmund, Dortmund, Germany
