How to find and avoid collisions for the knapsack hash function
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
The random oracle methodology, revisited (preliminary version)
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Security of Blind Discrete Log Signatures against Interactive Attacks
ICICS '01 Proceedings of the Third International Conference on Information and Communications Security
A Generalized Birthday Problem
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Wallet Databases with Observers
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Security proofs for signature schemes
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Lower bounds for discrete logarithms and related problems
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
A novel ID-based designated verifier signature scheme
Information Sciences: an International Journal
Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
Hi-index | 0.07 |
We enhance the security of Schnorr blind signatures against the novel one-more-forgery of C.P. Schnorr [Security of blind discrete log signatures against interactive attacks, in: ICICS 2001, LNCS, vol. 2229, 2001, Springer-Verlag, Berlin, pp. 1-12] and D. Wagner [A generalized birthday problem, in: Proceedings Crypto'02, LNCS, vol. 2442, Springer-Verlag, Berlin, 2002, pp. 288-303] which is possible even if the discrete logarithm is hard to compute. We show two limitations of this attack. Firstly, replacing the group G by the s-fold direct product G^x^s increases the work of the attack, for a given number of signer interactions, to the s-power while increasing the work of the blind signature protocol merely by a factor s. Secondly, we bound the number of additional signatures per signer interaction that can be efficiently forged by known methods. That fraction of the additional forged signatures can be made arbitrarily small. Our security proofs assume both the random oracle and the generic group model.