A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Information Theory and Reliable Communication
Information Theory and Reliable Communication
Using write-once memory for database storage
PODS '82 Proceedings of the 1st ACM SIGACT-SIGMOD symposium on Principles of database systems
On the Generation of Cryptographically Strong Pseudo-Random Sequences
Proceedings of the 8th Colloquium on Automata, Languages and Programming
How to reuse a "write-once" memory (Preliminary Version)
STOC '82 Proceedings of the fourteenth annual ACM symposium on Theory of computing
Probabilistic encryption & how to play mental poker keeping secret all partial information
STOC '82 Proceedings of the fourteenth annual ACM symposium on Theory of computing
STOC '82 Proceedings of the fourteenth annual ACM symposium on Theory of computing
Coping with errors in binary search procedures (Preliminary Report)
STOC '78 Proceedings of the tenth annual ACM symposium on Theory of computing
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
An efficient I/O interface for optical disks
ACM Transactions on Database Systems (TODS)
How to sign given any trapdoor function
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Universal one-way hash functions and their cryptographic applications
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
How to sign given any trapdoor function
CRYPTO '88 Proceedings on Advances in cryptology
On the design of provably-secure cryptographic hash functions
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
The longtime behavior of solutions to a quasilinear combustion model
Nonlinear Analysis: Theory, Methods & Applications
CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
Provably Unforgeable Signatures
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Invariant Signatures and Non-Interactive Zero-Knowledge Proofs are Equivalent (Extended Abstract)
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
A Security Framework for Card-Based Systems
FC '01 Proceedings of the 5th International Conference on Financial Cryptography
FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science
The layered games framework for specifications and analysis of security protocols
International Journal of Applied Cryptography
The layered games framework for specifications and analysis of security protocols
TCC'08 Proceedings of the 5th conference on Theory of cryptography
The notion of a digital signature based on trapdoor functions was introduced by Diffie and Hellman [3]. Rivest, Shamir and Adleman [8] gave the first number-theoretic implementation of a signature scheme based on a trapdoor function. If f is a trapdoor function and m a message, f⁻¹(m) is the signature of m. The signature can be verified by computing f(f⁻¹(m)) = m. This approach presents the following problems even when f is hard to invert: 1) there may be special message spaces (or subsets of them) that are easy to sign without knowing the trapdoor information; 2) it is possible to forge the signature of random numbers, which violates the requirements of many protocols; 3) given a polynomial number of signed messages, it may be possible to sign a new one without knowing the trapdoor information. We solve the above problems by exhibiting two signature schemes for which any strategy of an adversary who has seen all previously signed messages and has moderate success in forging even a single additional signature is transformable to a fast algorithm for factoring or inverting the RSA function. This provably holds for all message spaces with all possible probability distributions. Thus, in particular, given the signature of m, forging the signature of m+1 or 2m or 2sm is as hard as factoring. The two signature schemes
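The three problems listed in the abstract can be checked against the plain f⁻¹(m) scheme using raw RSA as f. This is an added example, not code from the paper: the toy primes, exponent and function names are constructed for illustration, and the product relation shown for problem 3 is a property of raw RSA specifically.

```python
# Added illustration with constructed toy parameters (far too small for real use).
P, Q = 1009, 1013
N = P * Q                               # public modulus
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # trapdoor information, known only to the signer


def sign(m: int) -> int:
    """Signer: signature of m is f^-1(m), computed with the trapdoor D."""
    return pow(m, D, N)


def verify(m: int, s: int) -> bool:
    """Verifier: accept when f(s) == m. Uses only the public values (N, E)."""
    return pow(s, E, N) == m % N


# Problem 1: some messages are their own signature, no trapdoor needed.
# 0 and 1 are fixed points of x -> x^E mod N; N-1 is too because E is odd.
SELF_SIGNED = [0, 1, N - 1]


def pair_from_chosen_signature(s: int) -> tuple[int, int]:
    """Problem 2: fix s first and derive the message it signs.

    Only the public function f is evaluated; the resulting message is an
    unpredictable, random-looking number, which is exactly the case the
    abstract warns about for protocols that sign random values.
    """
    return pow(s, E, N), s


def combine(sig_a: int, sig_b: int) -> int:
    """Problem 3 (raw RSA): the product of two valid signatures is a valid
    signature on the product of their messages, e.g. sig(2) and sig(m) give 2m."""
    return (sig_a * sig_b) % N


if __name__ == "__main__":
    m = 4242
    print("honest signature verifies:", verify(m, sign(m)))
    print("self-signed messages:", [verify(x, x) for x in SELF_SIGNED])
    fm, fs = pair_from_chosen_signature(123456)
    print("pair built without D verifies:", verify(fm, fs))
    print("signature on 2m from sig(2), sig(m):",
          verify(2 * m, combine(sign(2), sign(m))))
```

Every check prints `True`, which is why a verifier that only tests f(s) = m gives no assurance that the signer ever saw the message.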