How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
Improved Online/Offline Signature Schemes
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
On-Line/Off-Line Digital Schemes
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Algorithms for Black-Box Fields and their Application to Cryptography (Extended Abstract)
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
An Online/Offline Signature Scheme Based on the Strong RSA Assumption
AINAW '07 Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops - Volume 01
Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups
Journal of Cryptology
Efficient Generic On-Line/Off-Line Signatures Without Key Exposure
ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
Optimal Online/Offline Signature: How to Sign a Message without Online Computation
ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
Divisible On-Line/Off-Line Signatures
CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Lower bounds for discrete logarithms and related problems
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Improved on-line/off-line threshold signatures
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Online/offline signature schemes for devices with limited computing capabilities
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
Generic on-line/off-line threshold signatures
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
New online/offline signature schemes without random oracles
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Security analysis of the strong diffie-hellman problem
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Online/Offline signatures and multisignatures for AODV and DSR routing security
ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy
Online/offline verification of short signatures
Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
| Hi-index | 0.00 |
On-line/Off-line signatures are useful in many applications where the signer has a very limited response time once the message is presented. The idea is to perform the signing process in two phases. The first phase is performed off-line before the message to be signed is available and the second phase is performed on-line after the message to be signed is provided. Recently, in CT-RSA 2009, Gao et al. made a very interesting observation that most of the existing schemes possess the following structure. In the off-line phase, a partial signature, called the off-line token is computed first. Upon completion of the on-line phase, the off-line token constitutes part of the full signature. They considered the "off-line token exposure problem" in which the off-line token is exposed in the off-line phase and introduced a new model to capture this scenario. While intuitively the new requirement appears to be a stronger notion, Gao et al. cannot discover a concrete attack on any of the existing schemes under the new model. They regard clarifying the relationship between the models as an open problem. In this paper, we provide an affirmative answer to this open problem. We construct an On-line/Off-line signature scheme, which is secure under the ordinary security model whilst it is insecure in the new model. Specifically, we present a security proof under the old model and a concrete attack of the scheme under the new model. This illustrates that the new model is indeed stronger.