We propose a family of three efficient digital signature schemes that are proved secure under the strong RSA assumption without requiring a random oracle. The new signature schemes can operate in an online/offline manner, doing most of their work in the offline precomputation phase. The online phase of even the least efficient variant is very fast, requiring only a single non-modular multiplication of a short (160-bit) value by a longer (1022-bit) value. Online/offline signatures are useful in settings in which signatures need to be produced with few operations, either when there is a large volume of requests or when the device performing the signature is not computationally powerful. Our schemes have extremely low computation cost and so are particularly suitable for devices with limited computing capabilities, such as smart cards or mobile devices.

This paper provides three specific contributions. First, we propose our basic online/offline signature scheme, which can be viewed as the online/offline extension of the Camenisch-Lysyanskaya (CL) signature scheme. Compared to using the general Shamir-Tauman technique to convert the CL signature scheme into one that operates in an online/offline fashion, our direct adaptation has the same online efficiency while offering a more efficient offline phase, simpler key management that requires only one keypair, and a shorter signature. In addition, when used as a traditional one-phase signature, our basic scheme is more efficient than the Camenisch-Lysyanskaya scheme, due to our operation restructuring.

While this first scheme has advantages over the Shamir-Tauman/Camenisch-Lysyanskaya construction, we describe two additional techniques that further improve the efficiency of both the online and offline phases. Our first improvement uses computations over a small subgroup of Zn* to reduce the size of the required computations. Our second improvement uses division-intractable hash functions to remove the requirement of generating random primes for use in this class of signature schemes. As we present these three schemes, each one is more efficient than the previous one, but requires increasingly strong complexity assumptions.