On concrete security treatment of signatures derived from identification

  • Kazuo Ohta
  • Tatsuaki Okamoto
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1462)


Signature schemes that are derived from three move identification schemes such as the Fiat-Shamir, Schnorr and modified ElGamal schemes are a typical class of the most practical signature schemes. The random oracle paradigm [1, 2, 12] is useful to prove the security of such a class of signature schemes [4, 12]. This paper presents a new key technique, “ID reduction”, to show the concrete security result of this class of signature schemes under the random oracle paradigm. First, we apply this technique to the Schnorr and modified ElGamal schemes, and show the “concrete security analysis” of these schemes. We then apply it to the multi-signature schemes.


  1. 1.
    M. Bellare and P. Rogaway, “Random Oracles are Practical: A Paradigm for Designing Efficient Protocols,” Proc. of the First ACM Conference on Computer and Communications Security, pp.62–73.Google Scholar
  2. 2.
    M. Bellare and P. Rogaway, “The Exact Security of Digital Signatures-How to Sign with RSA and Rabin,” Advances in Cryptology-EUROCRYPT'96, Springer-Verlag, pp.399–416.Google Scholar
  3. 3.
    T. ElGamal, “A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms,” IEEE Transactions on Information Theory, IT-31, 4, pp.469–472, 1985.MathSciNetCrossRefGoogle Scholar
  4. 4.
    A. Fiat and A. Shamir, “How to Prove Yourself,” Advances in Cryptology — CRYPTO'86, Springer-Verlag, pp.186–194.Google Scholar
  5. 5.
    U. Feige, A. Fiat and A. Shamir, “Zero-Knowledge Proofs of Identity,” J. of Cryptology, 1, p.77–94.Google Scholar
  6. 6.
    S. Goldwasser, S. Micali and C. Rackoff, “The Knowledge Complexity of Interactive Proof Systems,” SIAM J. on Computing, 18, pp.186–208, 1989.zbMATHMathSciNetCrossRefGoogle Scholar
  7. 7.
    S. Goldwasser, S. Micali and R. Rivest, “A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks,” SIAM J. on Computing, 17, pp.281–308, 1988.zbMATHMathSciNetCrossRefGoogle Scholar
  8. 8.
    N. Koblitz, “Elliptic Curve Cryptosystems,” Mathematics of Computation, 48, pp.203–209, 1987.zbMATHMathSciNetCrossRefGoogle Scholar
  9. 9.
    M. Naor and M. Yung, “Universal One-Way Hash Functions and Their Cryptographic Applications,” Proc. of STOC, pp.33–43, 1989.Google Scholar
  10. 10.
    K. Ohta and T. Okamoto, “A Digital Multisignature Scheme Based on the Fiat-Shamir Scheme,” Advances in Cryptology-ASIACRYPT'91, Springer-Verlag, pp. 139–148.Google Scholar
  11. 11.
    K. Ohta and T. Okamoto, “The Exact Security of Multi-Signature Schemes,” Technical Report of IEICE, ISEC97-27 (July, 1997), pp.41–52.Google Scholar
  12. 12.
    D. Pointcheval and J. Stern, “Security Proofs for Signature Schemes,” Advances in Cryptology-EUROCRYPT'96, Springer-Verlag, pp.387–398.Google Scholar
  13. 13.
    J. Rompel, “One-Way Functions are Necessary and Sufficient for Secure Signature,” Proc. of STOC, pp.387–394, 1990.Google Scholar
  14. 14.
    R. Rivest, A. Shamir and L. Adleman, “A Method for Obtaining Digital Signatures and Public Key Cryptosystems,” Communications of ACM, 21, 2, pp.120–126, 1978.zbMATHMathSciNetCrossRefGoogle Scholar
  15. 15.
    C.P. Schnorr, “Efficient Identification and Signatures for Smart Card,” Advances in Cryptology-EUROCRYPT'89, Springer-Verlag, pp.235–251.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Kazuo Ohta
    • 1
  • Tatsuaki Okamoto
    • 1
  1. 1.NTT LaboratoriesNippon Telegraph and Telephone CorporationKanagawaJapan

Personalised recommendations