How to Break and Repair a Universally Composable Signature Functionality
نویسندگان
چکیده
Canetti and Rabin recently proposed a universally composable ideal functionality FSIG for digital signatures. We show that this functionality cannot be securely realized by any signature scheme, thereby disproving their result that any signature scheme that is existentially unforgeable under adaptive chosen-message attack is a secure realization. Next, an improved signature functionality is presented. We show that our improved functionality can be securely realized by precisely those signature schemes that are secure against existential forgery under adaptive chosen-message attacks.
منابع مشابه
Round-Optimal Composable Blind Signatures in the Common Reference String Model
We build concurrently executable blind signatures schemes in the common reference string model, based on general complexity assumptions, and with optimal round complexity. Namely, each interactive signature generation requires the requesting user and the issuing bank to transmit only one message each. We also put forward the definition of universally composable blind signature schemes, and show...
متن کاملUniversally Composable Blind Signatures in the Plain Model
In the universal composability framework, we define an ideal functionality for blind signatures, as an alternative to a functionality recently proposed by Fischlin. Fischlin proves that his functionality cannot be realized in the plain model, but this result does not apply to our functionality. We show that our functionality is realized in the plain model by a blind signature protocol if and on...
متن کاملUniversally Composable (Non-Interactive) Two-Party Computation from Untrusted Reusable Hardware Tokens
Universally composable protocols provide security even in highly complex environments like the Internet. Without setup assumptions, however, UC-secure realizations of cryptographic tasks are impossible. To achieve efficient protocols, practical setup assumptions are needed. Tamper-proof hardware tokens, e.g. smart cards and USB tokens, can be used for this purpose. Apart from the fact that they...
متن کاملOn Symbolic Analysis of Cryptographic Protocols
The universally composable symbolic analysis (UCSA) framework layers Dolev-Yao style symbolic analysis on top of the universally composable (UC) secure framework to construct computationally sound proofs of cryptographic protocol security. The original proposal of the UCSA framework by Canetti and Herzog (2004) focused on protocols that only use public key encryption to achieve 2-party mutual a...
متن کاملA Framework for Universally Composable Non-committing Blind Signatures
This paper studies non-committing type of universally composable (UC) blind signature protocols where an adversary does not necessarily commit to a message when requesting a signature. An ordinary UC blind signature functionality requires users to commit to the message to be blindly signed. It is thereby impossible to realise in the plain model. This paper first shows that even non-committing v...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2003 شماره
صفحات -
تاریخ انتشار 2003