Zero-knowledge undeniable signatures (extended abstract)
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
How to withstand mobile virus attacks (extended abstract)
PODC '91 Proceedings of the tenth annual ACM symposium on Principles of distributed computing
How to share a function securely
STOC '94 Proceedings of the twenty-sixth annual ACM symposium on Theory of computing
Witness-based cryptographic program checking and robust function sharing
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
Proactive public key and signature systems
Proceedings of the 4th ACM conference on Computer and communications security
Adaptive Security for Threshold Cryptosystems
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Convertible Undeniable Signatures
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Wallet Databases with Observers
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Proactive Secret Sharing Or: How to Cope With Perpetual Leakage
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
A Simplified Approach to Threshold and Proactive RSA
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Practical Threshold RSA Signatures without a Trusted Dealer
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Adaptive Security for the Additive-Sharing Based Proactive RSA
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Optimal-resilience proactive public-key cryptosystems
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Admission control in Peer-to-Peer: design and performance evaluation
Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks
Efficient threshold RSA signatures with general moduli and no extra assumptions
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Further simplifications in proactive RSA signatures
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
Simplified threshold RSA with adaptive and proactive security
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
We show the first proactive RSA scheme with a fully non-interactive signature protocol. The scheme is secure and robust with the optimal threshold of t < n/2 corruptions. Such a protocol is very attractive in practice: when a party requesting a signature contacts t' > t among n trustees which implement a proactive RSA scheme, the trustees do not need to communicate with each other, and simply respond with a single "partial signature" message to the requester, who can reconstruct the standard RSA signature from the first t + 1 responses he receives. The computation costs incurred by each party are comparable to standard RSA signature computation.

Such a non-interactive signature protocol was known for threshold RSA [1], but previous proactive RSA schemes [2,3] required all trustees to participate in the signature generation, which made these schemes impractical in many networking environments. On the other hand, proactivity, i.e. the ability to refresh the secret-sharing of the signature key between the trustees, not only makes threshold cryptosystems more secure, but is actually a crucial component of any threshold scheme in practice, since it allows for secure replacement of a trustee in case of repairs, hardware upgrades, etc. The proactive RSA scheme we present shows that it is possible to have the best of both worlds: a highly practical non-interactive signature protocol and an ability to refresh the secret-sharing of the signature key. This brings attack-resilient implementations of root sources of trust in any cryptographic scheme closer to practice.
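The non-interactive flow described above (each trustee returns one partial signature, the requester combines the first t + 1), as an added example that is not the paper's code and not its proactive scheme: it uses a Shoup-style threshold RSA construction with a trusted dealer. All names and the toy parameters are constructed for illustration, and share refresh and correctness proofs on partial signatures are left out.

```python
from fractions import Fraction
from math import factorial

# Constructed toy parameters, far too small for real use: safe primes 23 = 2*11+1, 47 = 2*23+1.
P, Q = 23, 47
N, M = P * Q, 11 * 23      # public modulus; M = p'q' is known only to the dealer
E = 7                      # public exponent, a prime larger than the number of trustees
L, T = 5, 2                # n = 5 trustees, t = 2 corruptions tolerated (t < n/2)
DELTA = factorial(L)       # clears denominators of the Lagrange coefficients

def deal(rng):
    """Dealer: Shamir-share d = E^-1 mod M with a degree-T polynomial over Z_M."""
    coeffs = [pow(E, -1, M)] + [rng.randrange(M) for _ in range(T)]
    return {i: sum(c * i**k for k, c in enumerate(coeffs)) % M
            for i in range(1, L + 1)}

def partial_sign(x, share):
    """Trustee: a single response message, no contact with the other trustees."""
    return pow(x, 2 * DELTA * share, N)

def combine(x, partials):
    """Requester: standard RSA signature on x from the first T+1 responses."""
    ids = list(partials)[: T + 1]
    w = 1
    for j in ids:
        lam = Fraction(DELTA)              # DELTA * Lagrange coefficient at 0
        for k in ids:
            if k != j:
                lam *= Fraction(-k, j - k)
        assert lam.denominator == 1        # integer by the choice of DELTA
        w = w * pow(partials[j], 2 * int(lam), N) % N
    # Now w^E = x^(4*DELTA^2). Since gcd(4*DELTA^2, E) = 1, Bezout
    # coefficients a, b with 4*DELTA^2*a + E*b = 1 give the E-th root of x.
    e_prime = 4 * DELTA**2
    a = pow(e_prime, -1, E)
    b = (1 - e_prime * a) // E
    return pow(w, a, N) * pow(x, b, N) % N

def verify(x, sig):
    """Ordinary RSA verification; the verifier never sees the sharing."""
    return pow(sig, E, N) == x % N
```

Here `x` stands for the already hashed and padded message representative and must be coprime to N; negative exponents in `pow` need Python 3.8 or later.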