Fail-Stop Signatures
نویسندگان
چکیده
Fail-stop signatures can briefly be characterized as digital signatures that allow the signer to prove that a given forged signature is indeed a forgery. After such a proof has been published, the system can be stopped. This type of security is strictly stronger than that achievable with ordinary digital signatures as introduced by Diffie and Hellman in 1976 and formally defined by Goldwasser, Micali, and Rivest in 1988, which was widely regarded as the strongest possible definition. This paper formally defines fail-stop signatures and shows their relation to ordinary digital signatures. A general construction and actual schemes derived from it follow. They are efficient enough to be used in practice. Next, we prove lower bounds on the efficiency of any fail-stop signature scheme. In particular, we show that the number of secret random bits needed by the signer, the only parameter where the complexity of all our constructions deviates from ordinary digital signatures by more than a small constant factor, cannot be reduced significantly.
منابع مشابه
Signatures dont des falsifications sont prouvables , et leur application – – – – – – – – Fail - stop Signatures and their Application
The unforgeability of conventional digital signatures is necessarily based on complexity theoretic assumptions, i.e. even the most secure schemes can be broken by an adversary with unexpected computing abilities. Thus we introduce fail-stop signatures: They are as unforgeable as the best conventional signatures, but if a signature is forged nevertheless, the supposed signer can prove the forger...
متن کاملFail-Stop Signatures Without Trees
We construct the first fail-stop signature scheme where neither the signature length nor the length of the public key grows as a function of the number of messages that can be signed with one key. The computation needed for signing and testing is reduced similarly. This removes one of the main differences between the complexity of ordinary signature schemes and previous fail-stop signature sche...
متن کاملFail-stop Signatures; Principles and Applications
Digital signatures are necessary wherever legal certainty is to be achieved for digital message exchange. However, the unforgeability of conventional digital signatures is necessarily based on complexity theoretic assumptions. That is, even the most secure schemes can be broken by an adversary with unexpected computing abilities, e.g., one who can factor unexpectedly large numbers. Fail-stop si...
متن کاملNew Constructions of Fail-Stop Signatures and Lower Bounds (Extended Abstract)
With a fail-stop signature scheme, the supposed signer of a forged signature can prove to everybody else that it was a forgery. Thus the signer is secure even against computationally unrestricted forgers. Until recently, efficient constructions were only known for restricted cases, but at Eurocrypt ’92, van Heijst and Pedersen presented an efficient general scheme, where the unforgeability is b...
متن کاملEfficient Fail-Stop Signatures from the Factoring Assumption
In this paper, we revisit the construction of fail-stop signatures from the factoring assumption. These signatures were originally proposed to provide information-theoretic-based security against forgeries. In contrast to classical signature schemes, in which signers are protected through a computational conjecture, fail-stop signature schemes protect the signers in an information theoretic sen...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- SIAM J. Comput.
دوره 26 شماره
صفحات -
تاریخ انتشار 1997