Use of elliptic curves in cryptography
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
A pseudo-random bit generator based on elliptic logarithms
Proceedings on Advances in cryptology---CRYPTO '86
A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
EUROCRYPT '89 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Communications of the ACM
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Algebraic aspects of cryptography
Algebraic aspects of cryptography
The random oracle methodology, revisited (preliminary version)
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Elliptic curves in cryptography
Elliptic curves in cryptography
The Relationship Between Breaking the Diffie--Hellman Protocol and Computing Discrete Logarithms
SIAM Journal on Computing
Signature schemes based on the strong RSA assumption
ACM Transactions on Information and System Security (TISSEC)
Lattice Attacks on Digital Signature Schemes
Designs, Codes and Cryptography
Cryptography: Theory and Practice
Cryptography: Theory and Practice
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Elliptic Curve Public Key Cryptosystems
Elliptic Curve Public Key Cryptosystems
Formal Security Proofs for a Signature Scheme with Partial Message Recovery
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Flaws in Applying Proof Methodologies to Signature Schemes
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Diffie-Hillman is as Strong as Discrete Log for Certain Primes
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Response to Comments of the NIST Proposed Digital Signature Standard
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Towards the Equivalence of Breaking the Diffie-Hellman Protocol and Computing Discrete Algorithms
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
"Pseudo-Random" Number Generation Within Cryptographic Algorithms: The DDS Case
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Key Agreement Protocols and Their Security Analysis
Proceedings of the 6th IMA International Conference on Cryptography and Coding
Design Validations for Discrete Logarithm Based Signature Schemes
PKC '00 Proceedings of the Third International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Lower bounds for discrete logarithms and related problems
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Secure hash-and-sign signatures without the random oracle
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Some Observations on the Theory of Cryptographic Hash Functions
Designs, Codes and Cryptography
Gradually Convertible Undeniable Signatures
ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
On the Equivalence of Generic Group Models
ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
Non-interactive manual channel message authentication based on eTCR hash functions
ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
EURASIP Journal on Wireless Communications and Networking - Special issue on security and resilience for smart devices and applications
Pairing'10 Proceedings of the 4th international conference on Pairing-based cryptography
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
Another look at “provable security”. II
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Discrete-Log-Based signatures may not be equivalent to discrete log
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
ECGSC: elliptic curve based generalized signcryption
UIC'06 Proceedings of the Third international conference on Ubiquitous Intelligence and Computing
Collision-Resistant no more: hash-and-sign paradigm revisited
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
On the joint security of encryption and signature in EMV
CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
ISC'07 Proceedings of the 10th international conference on Information Security
Efficient, secure, private distance bounding without key updates
Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks
Hi-index | 0.00 |
Proved here is the sufficiency of certain conditions to ensure the Elliptic Curve Digital Signature Algorithm (ECDSA) existentially unforgeable by adaptive chosen-message attacks. The sufficient conditions include (i) a uniformity property and collision-resistance for the underlying hash function, (ii) pseudorandomness in the private key space for the ephemeral private key generator, (iii) generic treatment of the underlying group, and (iv) a further condition on how the ephemeral public keys are mapped into the private key space. For completeness, a brief survey of necessary security conditions is also given. Some of the necessary conditions are weaker than the corresponding sufficient conditions used in the security proofs here, but others are identical. Despite the similarity between DSA and ECDSA, the main result is not appropriate for DSA, because the fourth condition above seems to fail for DSA. (The corresponding necessary condition is plausible for DSA, but is not proved here nor is the security of DSA proved assuming this weaker condition.) Brickell et al. [Vol. 1751 of Lecture Notes in computer Science, pp. 276--292], Jakobsson et al. [Vol. 1976 of Lecture Notes in computer Science, pp. 73--89] and Pointcheval et al. [Vol. 13 of Journal of Cryptology, pp. 361--396] only consider signature schemes that include the ephemeral public key in the hash input, which ECDSA does not do, and moreover, assume a condition on the hash function stronger than the first condition above. This work seems to be the first advance in the provable security of ECDSA.