Two-tier signatures, strongly unforgeable signatures, and Fiat-Shamir without random oracles

Authors:
Mihir Bellare;Sarah Shoup
Affiliations:
Department of Computer Science and Engineering, University of California San Diego, La Jolla, CA;Department of Computer Science and Engineering, University of California San Diego, La Jolla, CA
Venue:
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Year:
2007

Citing 28
Cited 30

Identity-based cryptosystems and signature schemes

Proceedings of CRYPTO 84 on Advances in cryptology
How to prove yourself: practical solutions to identification and signature problems

Proceedings on Advances in cryptology---CRYPTO '86
A digital signature scheme secure against adaptive chosen-message attacks

SIAM Journal on Computing - Special issue on cryptography
A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory

Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Zero-knowledge proofs of identity

Journal of Cryptology
Universal one-way hash functions and their cryptographic applications

STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
One-way functions are necessary and sufficient for secure signatures

STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
Witness indistinguishable and witness hiding protocols

STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
On the Composition of Zero-Knowledge Proof Systems

SIAM Journal on Computing
Accountable-subgroup multisignatures: extended abstract

CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Nonmalleable Cryptography

SIAM Journal on Computing
Efficient Identity Based Signature Schemes Based on Pairings

SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
GQ and Schnorr Identification Schemes: Proofs of Security against Impersonation under Active and Concurrent Attacks

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A "Paradoxical" Indentity-Based Signature Scheme Resulting from Zero-Knowledge

CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes

CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Escure Signature Schemes based on Interactive Protocols

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
On Concrete Security Treatment of Signatures Derived from Identification

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
From Identification to Signatures via the Fiat-Shamir Transform: Minimizing Assumptions for Security and Forward-Security

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
On the Efficiency of One-Time Digital Signatures

ASIACRYPT '96 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
An Identity-Based Signature from Gap Diffie-Hellman Groups

PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
On the (In)security of the Fiat-Shamir Paradigm

FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
Foundations of Cryptography: Volume 2, Basic Applications

Foundations of Cryptography: Volume 2, Basic Applications
A Simpler Construction of CCA2-Secure Public-Key Encryption under General Assumptions

Journal of Cryptology
Security proofs for signature schemes

EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
General conversion for obtaining strongly existentially unforgeable signatures

INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Chosen-ciphertext security of multiple encryption

TCC'05 Proceedings of the Second international conference on Theory of Cryptography
Efficient identity-based encryption without random oracles

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Strongly unforgeable signatures based on computational diffie-hellman

PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography

Generic Transformation to Strongly Unforgeable Signatures

ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
Sanitizable Signatures Revisited

CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
Hash Functions from Sigma Protocols and Improvements to VSH

ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Strong unforgeability in group signature schemes

Computer Standards & Interfaces
Publicly Verifiable Privacy-Preserving Group Decryption

Information Security and Cryptology
Generic security-amplifying methods of ordinary digital signatures

ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
A ciphertext-policy attribute-based encryption scheme with constant ciphertext length

International Journal of Applied Cryptography
Short generic transformation to strongly unforgeable signature in the standard model

ESORICS'10 Proceedings of the 15th European conference on Research in computer security
A timed-release proxy re-encryption scheme and its application to fairly-opened multicast communication

ProvSec'10 Proceedings of the 4th international conference on Provable security
Generic certificateless encryption secure against malicious-hut-passive KGC attacks in the standard model

Journal of Computer Science and Technology
One-time signatures and Chameleon hash functions

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Generic transformation from weakly to strongly unforgeable signatures

Journal of Computer Science and Technology
Short convertible undeniable signature in the standard model

ISPEC'11 Proceedings of the 7th international conference on Information security practice and experience
Strongly unforgeable proxy signature scheme secure in the standard model

Journal of Systems and Software
Adaptive secure-channel free public-key encryption with keyword search implies timed release encryption

ISC'11 Proceedings of the 14th international conference on Information security
Non-interactive opening for ciphertexts encrypted by shared keys

ICICS'11 Proceedings of the 13th international conference on Information and communications security
Dynamic attribute-based signcryption without random oracles

International Journal of Applied Cryptography
Unlinkability of sanitizable signatures

PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Strongly unforgeable signatures and hierarchical identity-based signatures from lattices without random oracles

PQCrypto'10 Proceedings of the Third international conference on Post-Quantum Cryptography
Dynamic attribute-based signcryption without random oracles

International Journal of Applied Cryptography
Generic security-amplifying methods of ordinary digital signatures

Information Sciences: an International Journal
Strong security from probabilistic signature schemes

PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Public key encryption against related key attacks

PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
ID based signcryption scheme in standard model

ProvSec'12 Proceedings of the 6th international conference on Provable Security
Constant-Size structure-preserving signatures: generic constructions and simple assumptions

ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Practical certificateless public key encryption in the standard model

NSS'12 Proceedings of the 6th international conference on Network and System Security
Short and efficient convertible undeniable signature schemes without random oracles

Theoretical Computer Science
A CCA-Secure identity-based conditional proxy re-encryption without random oracles

ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
Using SMT solvers to automate design tasks for encryption and signature schemes

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Simultaneous authentication and secrecy in identity-based data upload to cloud

Cluster Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

We provide a positive result about the Fiat-Shamir (FS) transform in the standard model, showing how to use it to convert threemove identification protocols into two-tier signature schemes with a proof of security that makes a standard assumption on the hash function rather than modeling it as a random oracle. The result requires security of the starting protocol against concurrent attacks. We can show that numerous protocols have the required properties and so obtain numerous efficient two-tier schemes. Our first application is a two-tier scheme based transform of any unforgeable signature scheme into a strongly unforgeable one. (This extends Boneh, Shen and Waters [8] whose transform only applies to a limited class of schemes.) The second application is new one-time signature schemes that, compared to one-way function based ones of the same computational cost, have smaller key and signature sizes.