A Signature Scheme with Efficient Protocols
Digital signature schemes are a fundamental cryptographic primitive, useful both in their own right and as a building block in cryptographic protocol design. In this paper, we propose a practical and provably secure signature scheme and show protocols (1) for issuing a signature on a committed value (so the signer has no information about the signed value), and (2) for proving knowledge of a signature on a committed value. This signature scheme and the corresponding protocols are a building block for the design of anonymity-enhancing cryptographic systems, such as electronic cash, group signatures, and anonymous credential systems. The security of our signature scheme and protocols relies on the Strong RSA assumption. These results are a generalization of the anonymous credential system of Camenisch and Lysyanskaya.
Keywords: Signature Scheme, Commitment Scheme, Message Space, Digital Signature Scheme, Signature Query
- 1. G. Ateniese, J. Camenisch, M. Joye, and G. Tsudik. A practical and provably secure coalition-resistant group signature scheme. In M. Bellare, editor, Advances in Cryptology-CRYPTO 2000, volume 1880 of Lecture Notes in Computer Science, pages 255–270. Springer Verlag, 2000.
- 2. N. Barić and B. Pfitzmann. Collision-free accumulators and fail-stop signature schemes without trees. In W. Fumy, editor, Advances in Cryptology-EUROCRYPT '97, volume 1233 of Lecture Notes in Computer Science, pages 480–494. Springer Verlag, 1997.
- 5. S. Brands. Rethinking Public Key Infrastructure and Digital Certificates-Building in Privacy. PhD thesis, Eindhoven Institute of Technology, Eindhoven, The Netherlands, 1999.
- 7. J. Camenisch and A. Lysyanskaya. Efficient non-transferable anonymous multishow credential system with optional anonymity revocation. In B. Pfitzmann, editor, Advances in Cryptology-EUROCRYPT 2001, volume 2045 of Lecture Notes in Computer Science, pages 93–118. Springer Verlag, 2001.
- 11. J. L. Camenisch. Group Signature Schemes and Payment Systems Based on the Discrete Logarithm Problem. PhD thesis, ETH Zürich, 1998. Diss. ETH No. 12520, Hartung Gorre Verlag, Konstanz.
- 12. R. Canetti, O. Goldreich, and S. Halevi. The random oracle methodology, revisited. In Proc. 30th Annual ACM Symposium on Theory of Computing (STOC), pages 209–218, 1998.
- 16. R. Cramer and V. Shoup. Signature schemes based on the strong RSA assumption. In Proc. 6th ACM Conference on Computer and Communications Security, pages 46–52. ACM Press, Nov. 1999.
- 18. I. Damgård and E. Fujisaki. An integer commitment scheme based on groups with hidden order. http://eprint.iacr.org/2001, 2001.
- 27. A. Lysyanskaya, R. Rivest, A. Sahai, and S. Wolf. Pseudonym systems. In H. Heys and C. Adams, editors, Selected Areas in Cryptography, volume 1758 of Lecture Notes in Computer Science. Springer Verlag, 1999.
- 28. S. Micali. 6.875: Introduction to cryptography. MIT course taught in Fall 1997.
- 30. M. Naor and M. Yung. Universal one-way hash functions and their cryptographic applications. In Proceedings of the Twenty-First Annual ACM Symposium on Theory of Computing, pages 33–43, Seattle, Washington, 15–17 May 1989. ACM.
- 33. J. Rompel. One-way functions are necessary and sufficient for secure signatures. In Proc. 22nd Annual ACM Symposium on Theory of Computing (STOC), pages 387–394, Baltimore, Maryland, 1990. ACM.