How (Not) to design strong-RSA signatures
نویسنده
چکیده
This paper considers strong-RSA signature schemes built from the scheme of Cramer and Shoup. We present a basic scheme encompassing the main features of the Cramer-Shoup scheme. We analyze its security in both the random oracle model and the standard model. This helps us to spot potential security flaws. As a result, we show that a seemingly secure signature scheme (Int. J. of Security and Networks, 2006) is universally forgeable under a known-message attack. In a second step, we discuss how to turn the basic scheme into a fully secure signature scheme. Doing so, we rediscover several known schemes (or slight variants thereof).
منابع مشابه
The Cramer-Shoup Strong-RSASignature Scheme Revisited
We discuss a modification of the Cramer-Shoup strong-RSA signature scheme. Our proposal also presumes the strong RSA assumption, but allows faster signing and verification and produces signatures of roughly half the size. Then we present a stateful version of our scheme where signing (but not verifying) becomes almost as efficient as with RSA-PSS. We also show how to turn our signature schemes ...
متن کاملShort and Stateless Signatures from the RSA Assumption
We present the first signature scheme which is “short”, stateless and secure under the RSA assumption in the standard model. Prior short, standard model signatures in the RSA setting required either a strong complexity assumption such as Strong RSA or (recently) that the signer maintain state. A signature in our scheme is comprised of one element in ZN and one integer. The public key is also sh...
متن کاملShort Signatures Without Random Oracles
We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption we call the Strong Diffie-Hellman assumption. This assumption has similar properties to the Strong RSA assumption, hence the name. Strong RSA was previously used to construct signature schemes withou...
متن کاملDigital Signatures from Strong RSA without Prime Generation
We construct a signature scheme that is proved secure, without random oracles, under the strong RSA assumption. Unlike other efficient strong-RSA based schemes, the new scheme does not generate large prime numbers during signing. The public key size and signature size are competitive with other strong RSA schemes, but verification is less efficient. The new scheme adapts the prefix signing tech...
متن کاملRealizing Hash-and-Sign Signatures under Standard Assumptions
Currently, there are relatively few instances of “hash-and-sign” signatures in the standard model. Moreover, most current instances rely on strong and less studied assumptions such as the Strong RSA and q-Strong Diffie-Hellman assumptions. In this paper, we present a new approach for realizing hash-and-sign signatures in the standard model. In our approach, a signer associates each signature wi...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Des. Codes Cryptography
دوره 59 شماره
صفحات -
تاریخ انتشار 2011