Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Accountable-subgroup multisignatures: extended abstract
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Efficiency improvements for signature schemes with tight security reductions
Proceedings of the 10th ACM conference on Computer and communications security
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Multi-signatures in the plain public-Key model and a general forking lemma
Proceedings of the 13th ACM conference on Computer and communications security
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
On the exact security of multi-signature schemes based on RSA
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
Aggregate and verifiably encrypted signatures from bilinear maps
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Formal security model of multisignatures
ISC'06 Proceedings of the 9th international conference on Information Security
On the security of probabilistic multisignature schemes and their optimality
Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
Foundations of group signatures: the case of dynamic groups
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Hi-index | 0.00 |
We first model the formal security model of multisignature scheme following that of group signature scheme. Second, we prove that the following three probabilistic multisignature schemes based on a trapdoor permutation have tight security; PFDH (probabilistic full domain hash) based multisignature scheme (PFDH-MSS), PSS (probabilistic signature scheme) based multisignature scheme (PSS-MSS), and short signature PSS based multisignature scheme (S-PSS-MSS). Third, we give an optimal proof (general result) for multisignature schemes, which derives the lower bound for the length of random salt. We also estimate the upper bound for the length in each scheme and derive the optimal length of a random salt. Two of the schemes are promising in terms of security tightness and optimal signature length. In appendix, we describe a multisignature scheme using the claw-free permutation and discuss its security.