A New Transitive Signature Scheme based on RSA-based Security Assumptions

A transitive signature scheme allows a signer to publish a graph in an authenticated and cost-saving manner. The resulting authenticated graph is indeed the transitive closure of the graph constructed by edges which are explicitly signed by the signer. A property of the transitive signature scheme enables such scenario is called composability which means that by knowing signatures on two edges of a triangle, one can infer to a valid signature on the other edge of the triangle without knowledge of the signer’s secret key thereby saving the signer from signing one signature. Several transitive signature schemes have been proposed so far [1–3]. Their security assumptions are based on the intractability of computing discrete logarithm, inverting RSA function, factoring and solving Diffie-Hellman problem. In this paper, we will present another transitive signature scheme based the Guillou-Quisquater (GQ for short) signature scheme. The security of our proposed can be proven under the assumption that solving the strong RSA problem is hard in case of non-adaptive chosen-message attack. In case of adaptive chosen-message attack, similar to Bellare and Neven’s work [2, 3], we can show that breaking our scheme is as hard as solving the one-more-RSA inversion problem. 1