Abstract
This paper presents some theoretical and experimental results about off-line/on-line digital signatures. The goal of this type of scheme is to reduce the time needed to compute a signature by means of preprocessing. Such schemes were introduced by Even, Goldreich and Micali and constructed by combining regular digital signatures with efficient one-time signatures. Later Shamir and Tauman presented an alternative construction (which produces shorter signatures) by combining regular signatures with chameleon hash functions.
We first unify the Shamir-Tauman and Even et al. approaches by showing that they can be considered different instantiations of the same paradigm. We do this by showing that the one-time signatures needed in the Even et al. approach only need to satisfy a weak notion of security. We then show that chameleon hash functions are in effect a type of one-time signature which satisfies this weaker security notion.
In the process we study the relationship between one-time signatures and chameleon hashing, and we prove that a special type of chameleon hashing (which we call two-trapdoor) is a fully secure one-time signature.
Finally we ran experimental tests using OpenSSL libraries to test the difference between the two approaches. In our implementation we make extensive use of the observation that off-line/on-line digital signatures do not require collision-resistant hash functions to compress the message, but can be safely implemented with universal one-way hashing in both the off-line and the on-line step. The main application of this observation is that both steps can be applied to shorter digests. This has particular relevance if one-time signatures based on block ciphers or hash functions are used, since these are very sensitive to the length of the message. Interestingly, we show that (mostly due to the above observation about hashing) the two approaches are comparable in efficiency and signature length.
The full version of the article is available at http://www.dmi.unict.it/~fiore
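The combination of a regular signature with a chameleon hash described in the abstract, as an added Python example that is not the paper's OpenSSL implementation. The discrete-log chameleon hash, the Schnorr stand-in for the regular signature, the toy group and all function names are assumptions chosen for illustration.

```python
import hashlib, secrets

# Constructed toy group, far too small for real use: P = 2Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def H(*parts):
    """SHA-256 of the parts as an integer (bytes and ints accepted)."""
    data = b"|".join(x if isinstance(x, bytes) else str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keygen():
    """Discrete-log key pair (x, G^x); used for both signing and hashing keys."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def schnorr_sign(sk, c):
    """Stand-in for the 'regular' signature, applied to a hash value c."""
    k = secrets.randbelow(Q - 1) + 1
    e = H(pow(G, k, P), c)
    return e, (k + e * sk) % Q

def schnorr_verify(pk, c, sig):
    e, s = sig
    R = pow(G, s, P) * pow(pk, -e % Q, P) % P   # G^s * pk^(-e) = G^k
    return e == H(R, c)

def chash(hk, m, r):
    """Chameleon hash G^m * hk^r mod P; finding collisions needs the trapdoor."""
    return pow(G, m, P) * pow(hk, r, P) % P

def offline(sign_sk, hk):
    """Slow step, before the message exists: sign the hash of a random pair."""
    m0, r0 = secrets.randbelow(Q), secrets.randbelow(Q)
    return m0, r0, schnorr_sign(sign_sk, chash(hk, m0, r0))

def online(trapdoor, token, msg):
    """Fast step: arithmetic mod Q only (the inverse can be precomputed)."""
    m0, r0, sig = token
    m = H(msg) % Q
    r = (r0 + (m0 - m) * pow(trapdoor, Q - 2, Q)) % Q   # collision with (m0, r0)
    return sig, r

def verify(sign_pk, hk, msg, signature):
    sig, r = signature
    return schnorr_verify(sign_pk, chash(hk, H(msg) % Q, r), sig)
```

A token from `offline` must be used for one message only: two openings of the same hash value let anyone solve for the trapdoor.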
References
Barić, N., Pfitzmann, B.: Collision-free Accumulators and Fail-stop Signature Schemes without Trees. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 480–494. Springer, Heidelberg (1997)
Bellare, M., Micali, S.: How To Sign Given Any Trapdoor Function. In: Proceedings of STOC 88, pp. 32–42. ACM, New York (1988)
Bellare, M., Rogaway, P.: Random Oracles Are Practical: a Paradigm for Designing Efficient Protocols. In: Proceedings of 1st ACM Conference on Computer and Communications Security (CCS 1993), pp. 62–73. ACM Press, New York (1993)
Boyar, J.F., Kurtz, S.A., Krentel, M.W.: A Discrete Logarithm Implementation of Perfect Zero-Knowledge Blobs. Journal of Cryptology 2(2), 63–76 (1990)
Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. Journal of Computer and System Sciences 37(2), 156–189 (1988)
Bresson, E., Catalano, D., Gennaro, R.: Improved On-Line/Off-Line Threshold Signatures. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 217–232. Springer, Heidelberg (2007)
Coron, J., Naccache, D.: Security analysis of the Gennaro-Halevi-Rabin Signature Scheme. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 91–101. Springer, Heidelberg (2000)
Cramer, R., Damgard, I.: New Generation of Secure and Practical RSA-based Signatures. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 173–185. Springer, Heidelberg (1996)
Eastlake, D., Jones, P.: US Secure Hash Algorithm 1 (SHA1), RFC, RFC Editor
Cramer, R., Shoup, V.: Signature Scheme based on the Strong RSA Assumption. In: Proceedings of 6th ACM Conference on Computer and Communications Security (CCS 1999), pp. 46–51. ACM Press, New York (1999)
ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31(4), 469–472 (1985)
Even, S., Goldreich, O., Micali, S.: On-Line/Off-Line Digital Signatures. Journal of Cryptology 9(1), 35–67 (1996)
Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions of Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 187–194. Springer, Heidelberg (1987)
Gennaro, R., Halevi, S., Rabin, T.: Secure Hash-and-Sign Signatures without the Random Oracle. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 123–139. Springer, Heidelberg (1999)
Goldwasser, S., Micali, S., Rivest, R.L.: A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks. SIAM Journal on Computing 17(2), 281–308 (1988)
Halevi, S., Krawczyk, H.: Strengthening Digital Signatures Via Randomized Hashing. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 41–59. Springer, Heidelberg (2006)
Jakobsson, M.: Fractal Hash Sequence Representation and Traversal. In: Jakobsson, M. (ed.) Proceedings of IEEE International Symposium on Information Theory (ISIT 2002), p. 437 (2002)
Krawczyk, H., Rabin, T.: Chameleon Hashing and Signatures. In: Proceedings of Network and Distributed Systems Security Symposium (NDSS 2000), pp. 143–154. Internet Society (2000)
Kurosawa, K., Schmidt-Samoa, K.: New Online/Offline Signature Schemes Without Random Oracles. In: Yung, M., et al. (eds.) PKC 2006. LNCS, vol. 3958, pp. 330–346. Springer, Heidelberg (2006)
Lamport, L.: Constructing digital signatures from a one-way function, Technical Report SRI-CSL-98, SRI International Computer Science Laboratory (October 1979)
Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988)
Naor, M., Yung, M.: Universal One-Way Hash Functions and Their Cryptographic Application. In: Proceedings of STOC 1989, pp. 33–43. ACM Press, New York (1989)
Pointcheval, D., Stern, J.: Security Arguments for Digital Signatures and Blind Signatures. Journal of Cryptology 13(3), 361–396 (2000)
Rabin, M.O.: Digital Signatures. In: DeMillo, R.A., et al. (eds.) Foundations of Secure Computation, pp. 155–168. Academic Press, London (1978)
Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signature and Public Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)
Rompel, J.: One-Way Functions Are Necessary and Sufficient for Secure Signatures. In: Proceedings of STOC 1990, pp. 387–394 (1990)
Shamir, A., Tauman, Y.: Improved On-line/Off-line Signature Schemes. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 355–367. Springer, Heidelberg (2001)
Schnorr, C.P.: Efficient Signature Generation by Smart Cards. Journal of Cryptology 4(3), 161–174 (1991)
OpenSSL Project, http://www.openssl.org
National Institute for Standards and Technology, Digital Signature Standard (DSS), Technical Report 169, August 30 (1991)
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Catalano, D., Di Raimondo, M., Fiore, D., Gennaro, R. (2008). Off-Line/On-Line Signatures: Theoretical Aspects and Experimental Results. In: Cramer, R. (eds) Public Key Cryptography – PKC 2008. PKC 2008. Lecture Notes in Computer Science, vol 4939. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78440-1_7
DOI: https://doi.org/10.1007/978-3-540-78440-1_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-78439-5
Online ISBN: 978-3-540-78440-1
eBook Packages: Computer Science, Computer Science (R0)