How to strengthen any weakly unforgeable signature into a strongly unforgeable signature

  • Authors:
  • Ron Steinfeld; Josef Pieprzyk; Huaxiong Wang

  • Affiliations:
  • Centre for Advanced Computing – Algorithms and Cryptography (ACAC), Dept. of Computing, Macquarie University, North Ryde, Australia;Centre for Advanced Computing – Algorithms and Cryptography (ACAC), Dept. of Computing, Macquarie University, North Ryde, Australia;Centre for Advanced Computing – Algorithms and Cryptography (ACAC), Dept. of Computing, Macquarie University, North Ryde, Australia

  • Venue:
  • CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
  • Year:
  • 2007

Abstract

Standard signature schemes are usually designed only to achieve weak unforgeability – i.e. preventing forgery of signatures on new messages not previously signed. However, most signature schemes are randomised and allow many possible signatures for a single message. In this case, it may be possible to produce a new signature on a previously signed message. Some applications require that this type of forgery also be prevented – this requirement is called strong unforgeability. At PKC 2006, Boneh, Shen and Waters presented an efficient transform based on any randomised trapdoor hash function which converts a weakly unforgeable signature into a strongly unforgeable signature, and applied it to construct a strongly unforgeable signature based on the CDH problem. However, the transform of Boneh et al. only applies to a class of so-called partitioned signatures. Although many schemes fall in this class, some do not, for example the DSA signature. Hence it is natural to ask whether one can obtain a truly generic efficient transform based on any randomised trapdoor hash function which converts any weakly unforgeable signature into a strongly unforgeable one. We answer this question in the positive by presenting a simple modification of the Boneh-Shen-Waters transform. Our modified transform uses two randomised trapdoor hash functions.