Efficient and provable security amplifications
Even, Goldreich and Micali showed at Crypto '89 that the existence of signature schemes secure against known message attacks implies the existence of schemes secure against adaptively chosen message attacks. Unfortunately, this transformation leads to a rather impractical scheme. We exhibit a similar security amplification, which takes the given scheme to a new signature scheme that is not even existentially forgeable under adaptively chosen message attacks. In addition, our transformation is practical: the complexity of the resulting scheme is twice that of the original scheme.
The principles of both transformations carry over to block encryption systems. It is shown how they can be used to convert a block encryption system secure against known plaintext attacks to a system secure against chosen plaintext attacks. For both schemes it is shown that if the transformed scheme can be broken given a number, T, of encryptions of adaptively chosen plaintexts, then the original scheme can be broken given encryptions of T uniformly chosen plaintexts. In this case, however, the application of the technique of Even, Goldreich and Micali leads to the more efficient scheme. The transformed scheme has the same key length as the original, and ciphertexts are doubled in length. As an example, when applied to DES the transformed scheme is secure against differential cryptanalysis, which relies on the ability to get encryptions of plaintext pairs with proper differences.
- 1. M. Bellare, S. Micali: How to Sign Given Any Trapdoor Function. Proceedings of STOC '88, pp. 32–42.
- 2. E. Biham, A. Shamir: Differential Cryptanalysis of DES-like Cryptosystems. Proceedings of Crypto '90, pp. 2–21.
- 3. S. Even, O. Goldreich and S. Micali: On-Line/Off-Line Digital Signatures. Proceedings of Crypto '89, pp. 263–275.
- 4. R. Cramer, I. Damgård, B. Schoenmakers: Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols. Proceedings of Crypto '94, pp. 174–187.
- 5. S. Goldwasser, S. Micali and R. Rivest: A Digital Signature Scheme Secure Against Chosen Message Attacks. SIAM Journal on Computing, 17(2): 281–308, 1988.
- 6. L.R. Knudsen: Personal communication.
- 7. M. Naor, C. Dwork: An Efficient Existentially Unforgeable Signature Scheme and its Applications. Proceedings of Crypto '94, pp. 234–246.
- 8. M. Naor, M. Yung: Universal One Way Hash functions and their Cryptographic Applications. Proceedings of STOC '89, pp. 33–43.
- 9. National Bureau of Standards: Data encryption standard. Federal Information Processing Standard (FIPS), Publication 46, National Bureau of Standards, U.S. Department of Commerce, Washington DC, January 1977.
- 10. J. Rompel: One Way Functions are Necessary and Sufficient for signatures. Proceedings of STOC '90, pp. 387–394.