Factorization-Based Fail-Stop Signatures Revisited

Fail-stop signature (FSS) schemes are important primitives because in a fail-stop signature scheme the signer is protected against unlimited powerful adversaries as follows: Even if an adversary breaks the scheme’s underlying computational hard problem and hence forges a signature, then with overwhelming probability the signer is able to prove that a forgery has occurred (i.e. that the underlying hard problem has been broken). Although there is a practical FSS scheme based on the Discrete Logarithm problem, no provable secure FSS scheme is known that is based on the pure factorization problem (i.e. the assumption that integer factoring for arbitrary integers is hard). To be more concrete, the most popular factorization based FSS scheme relies on the assumption that factoring a special kind of Blum integers is intractable. All other FSS schemes related to integer factoring are based on even stronger assumptions or insecure. In this paper, we first cryptanalyze one of those schemes and show how to construct forged signatures that don’t enable the signer to prove forgery. Then we repair the scheme at the expense of a reduced message space. Finally, we develop a new provable secure scheme based on the difficulty of factoring integers of the shape pq for primes p, q.