How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
Universal one-way hash functions and their cryptographic applications
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Signature schemes based on the strong RSA assumption
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
On the Exact Security of Full Domain Hash
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Flaws in Applying Proof Methodologies to Signature Schemes
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A "Paradoxical" Indentity-Based Signature Scheme Resulting from Zero-Knowledge
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Efficient Identification and Signatures for Smart Cards
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Optimal Security Proofs for PSS and Other Signature Schemes
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Efficiency improvements for signature schemes with tight security reductions
Proceedings of the 10th ACM conference on Computer and communications security
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Secure hash-and-sign signatures without the random oracle
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Security analysis of the Gennaro-Halevi-Rabin signature scheme
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
A closer look at PKI: security and efficiency
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Fully anonymous group signatures without random oracles
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
| Hi-index | 0.00 |
Digital signature security is classically defined as an interaction between a signer , a verifier and an attacker $\mathcal{A}$. $\mathcal{A}$ submits adaptively to a sequence of messages m1,…,mq to which replies with the signatures U={σ1,…,σq}. Given U, $\mathcal{A}$ attempts to produce a forgery, i.e. a pair (m′,σ′) such that and $\sigma'\not\in U$. The traditional approach consists in hardening against a large query bound q. Interestingly, this is one specific way to prevent $\mathcal{A}$ from winning the forgery game. This work explores an alternative option. Rather than hardening , we weaken $\mathcal{A}$ by preventing him from influencing 's input: upon receiving mi, will generate a fresh ephemeral signature key-pair , use to sign mi, erase , and output the signature and a certificate on computed using the long-term key . In other words, will only use his permanent secret to sign inputs which are beyond $\mathcal{A}$'s control (namely, freshly generated public-keys). As the are ephemeral, q=1 by construction. We show that this paradigm, called autotomic signatures, transforms weakly secure signature schemes (secure against generic attacks only) into strongly secure ones (secure against adaptively chosen-message attacks). As a by-product of our analysis, we show that blending public key information with the signed message can significantly increase security.