A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
The random oracle methodology, revisited (preliminary version)
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Signature schemes based on the strong RSA assumption
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
On the Exact Security of Full Domain Hash
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
New Generation of Secure and Practical RSA-Based Signatures
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
On Concrete Security Treatment of Signatures Derived from Identification
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Security proofs for signature schemes
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Secure hash-and-sign signatures without the random oracle
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Public-key cryptosystems based on composite degree residuosity classes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Short Signatures in the Random Oracle Model
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Reputation-based Wi-Fi deployment
ACM SIGMOBILE Mobile Computing and Communications Review
Trapdoors for hard lattices and new cryptographic constructions
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Reversible Watermarking with Subliminal Channel
Information Hiding
Leaky Random Oracle (Extended Abstract)
ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
Salvaging Merkle-Damgård for Practical Applications
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Fault Attacks on RSA Signatures with Partially Unknown Messages
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
PSS Is Secure against Random Fault Attacks
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Practical Broadcast Authentication Using Short-Lived Signatures in WSNs
Information Security Applications
On the exact security of multi-signature schemes based on RSA
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
Why provable security matters?
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
On the power of claw-free permutations
SCN'02 Proceedings of the 3rd international conference on Security in communication networks
ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
Proving tight security for Rabin-Williams signatures
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Security of digital signature schemes in weakened random oracle models
PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
On the impossibility of instantiating PSS in the standard model
PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Security of practical cryptosystems using Merkle-Damgård hash function in the ideal cipher model
ProvSec'11 Proceedings of the 5th international conference on Provable security
Modulus fault attacks against RSA-CRT signatures
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Anonymous credentials from (indexed) aggregate signatures
Proceedings of the 7th ACM workshop on Digital identity management
Formal security model of multisignatures
ISC'06 Proceedings of the 9th international conference on Information Security
Another look at “provable security”. II
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
On the security of probabilistic multisignature schemes and their optimality
Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
Why one should also secure RSA public key elements
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
A generic scheme based on trapdoor one-way permutations with signatures as short as possible
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
New signature schemes with coupons and tight reduction
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Communication-efficient non-interactive proofs of knowledge with online extractors
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
On the generic insecurity of the full domain hash
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
An efficient CDH-based signature scheme with a tight security reduction
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
On the impossibility of three-move blind signature schemes
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Collision-Resistant no more: hash-and-sign paradigm revisited
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
A practical optimal padding for signature schemes
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Fault attacks against EMV signatures
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Separating short structure-preserving signatures from non-interactive assumptions
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Cryptography and Security
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
On the public indifferentiability and correlation intractability of the 6-round feistel construction
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Group to group commitments do not shrink
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Optimal security proofs for full domain hash, revisited
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
On the exact security of schnorr-type signatures in the random oracle model
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Waters signatures with optimal security reduction
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Strong security from probabilistic signature schemes
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Generalized first pre-image tractable random oracle model and signature schemes
ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
Sequential aggregate signatures with lazy verification from trapdoor permutations
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Updated recommendations for blinded exponentiation vs. single trace analysis
COSADE'13 Proceedings of the 4th international conference on Constructive Side-Channel Analysis and Secure Design
| Hi-index | 0.00 |
The Probabilistic Signature Scheme (PSS) designed by Bellare and Rogaway is a signature scheme provably secure against chosen message attacks in the random oracle model, whose security can be tightly related to the security of RSA. We derive a new security proof for PSS in which a much shorter random salt is used to achieve the same security level, namely we show that log2 qsig bits suffice, where qsig is the number of signature queries made by the attacker. When PSS is used with message recovery, a better bandwidth is obtained because longer messages can now be recovered. In this paper, we also introduce a new technique for proving that the security proof of a signature scheme is optimal. In particular, we show that the size of the random salt that we have obtained for PSS is optimal: if less than log2 qsig bits are used, then PSS is still provably secure but it cannot have a tight security proof. Our technique applies to other signature schemes such as the Full Domain Hash scheme and Gennaro-Halevi-Rabin's scheme, whose security proofs are shown to be optimal.