Note: A simple transitive signature scheme for directed trees
Theoretical Computer Science
Transitive signatures from braid groups
INDOCRYPT'07 Proceedings of the cryptology 8th international conference on Progress in cryptology
Separation results on the "one-more" computational problems
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
Bounded vector signatures and their applications
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Directed transitive signature scheme
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Short transitive signatures for directed trees
CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Computing on authenticated data
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Generalized key delegation for hierarchical identity-based encryption
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
A new definition of homomorphic signature for identity management in mobile cloud computing
Journal of Computer and System Sciences
Slight Homomorphic Signature for Access Controlling in Cloud Computing
Wireless Personal Communications: An International Journal
| Hi-index | 754.84 |
We present novel realizations of the transitive signature primitive introduced by Micali and Rivest, enlarging the set of assumptions on which this primitive can be based, and also providing performance improvements over existing schemes. More specifically, we propose new schemes based on factoring, the hardness of the one-more discrete logarithm problem, and gap Diffie-Hellman (DH) groups. All these schemes are proven transitively unforgeable under adaptive chosen-message attack in the standard (not random-oracle) model. We also provide an answer to an open question raised by Micali and Rivest regarding the security of their Rivest-Shamir-Adleman (RSA)-based scheme, showing that it is transitively unforgeable under adaptive chosen-message attack assuming the security of RSA under one-more inversion. We then present hash-based modifications of the RSA, factoring, and gap Diffie-Hellman based schemes that eliminate the need for "node certificates" and thereby yield shorter signatures. These modifications remain provably secure under the same assumptions as the starting scheme, in the random oracle model.