The Cramer-Shoup Strong-RSASignature Scheme Revisited
نویسنده
چکیده
We discuss a modification of the Cramer-Shoup strong-RSA signature scheme. Our proposal also presumes the strong RSA assumption, but allows faster signing and verification and produces signatures of roughly half the size. Then we present a stateful version of our scheme where signing (but not verifying) becomes almost as efficient as with RSA-PSS. We also show how to turn our signature schemes into “lightweight” anonymous yet linkable group identification protocols without random oracles.
منابع مشابه
How (Not) to design strong-RSA signatures
This paper considers strong-RSA signature schemes built from the scheme of Cramer and Shoup. We present a basic scheme encompassing the main features of the Cramer-Shoup scheme. We analyze its security in both the random oracle model and the standard model. This helps us to spot potential security flaws. As a result, we show that a seemingly secure signature scheme (Int. J. of Security and Netw...
متن کاملUsing Hash Functions as a Hedge against Chosen Ciphertext Attack
The cryptosystem recently proposed by Cramer and Shoup [CS98] is a practical public key cryptosystem that is secure against adaptive chosen ciphertext attack provided the Decisional Diffie-Hellman assumption is true. Although this is a reasonable intractability assumption, it would be preferable to base a security proof on a weaker assumption, such as the Computational Diffie-Hellman assumption...
متن کاملThe Cramer-Shoup Encryption Scheme Is Plaintext Aware in the Standard Model
In this paper we examine the notion of plaintext awareness as it applies to hybrid encryption schemes. We apply this theory to the Cramer-Shoup hybrid scheme acting on fixed length messages and deduce that the Cramer-Shoup scheme is plaintext-aware in the standard model. This answers a previously open conjecture of Bellare and Palacio on the existence of fully plaintext-aware encryption schemes.
متن کاملCramer-Shoup is Plaintext-Aware in the Standard Model
In this paper we examine the security criteria for a KEM and a DEM that are sufficient for the overall hybrid encryption scheme to be plaintext-aware in the standard model. We apply this theory to the Cramer-Shoup hybrid scheme acting on fixed length messages and deduce that the Cramer-Shoup scheme is plaintext-aware in the standard model. This answers a previously open conjecture of Bellare an...
متن کاملVerifiable Signature Sharing Scheme Based on Strong RSA Assumption
In 2000, Cramer and Shoup presented a signature scheme which is secure against adaptive chosen-message attacks under the strong RSA assumption in the standard model. Then, in 2003, under the strong RSA assumption only, Fischlin produced a signature of roughly half the length. A verifiable signature sharing scheme (VΣS) introduced by Franklin and Reiter in 1995 enables the recipient of a signatu...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2002 شماره
صفحات -
تاریخ انتشار 2002