A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
On the symbolic reduction of processes with cryptographic functions
Theoretical Computer Science
An Authenticated Diffie-Hellman Key Agreement Protocol Secure Against Active Attacks
PKC '98 Proceedings of the First International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Canonical Forms and Unification
Proceedings of the 5th Conference on Automated Deduction
A Tool for Lazy Verification of Security Protocols
Proceedings of the 16th IEEE international conference on Automated software engineering
Security of Signature Schemes in a Multi-User Setting
Designs, Codes and Cryptography
Deciding security of protocols against off-line guessing attacks
Proceedings of the 12th ACM conference on Computer and communications security
RTA'07 Proceedings of the 18th international conference on Term rewriting and applications
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
Digital signatures do not guarantee exclusive ownership
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Cap unification: application to protocol security modulo homomorphic encryption
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Computing Knowledge in Security Protocols Under Convergent Equational Theories
Journal of Automated Reasoning
ASIAN'09 Proceedings of the 13th Asian conference on Advances in Computer Science: information Security and Privacy
Hi-index | 0.00 |
Key substitution vulnerable signature schemes are signature schemes that permit an intruder, given a public verification key and a signed message, to compute a pair of signature and verification keys such that the message appears to be signed with the new signature key. Schemes vulnerable to this attack thus permit an active intruder to claim to be the issuer of a signed message. In this paper, we investigate and solve positively the problem of the decidability of symbolic cryptographic protocol analysis when the signature schemes employed in the concrete realisation have this property.