Directed Transitive Signature on Directed Tree
Authors
Abstract
In the early 2000s, Rivest [1,2] and Micali [2] introduced the notion of a transitive signature, which allows a third party with the public key to generate a valid signature for a composed edge (vi, vk) from the signatures for two edges (vi, vj) and (vj, vk). Since then, a number of works, including [2,3,4,5,6], have been devoted to transitive signatures. Most of them address the undirected transitive signature problem, and the directed transitive signature is still an open problem. S. Hohenberger [4] even showed that a directed transitive signature implies a complex mathematical group whose existence is still unknown. Recently, a few directed transitive signature schemes [7,8] on directed trees have been proposed. The drawbacks of these schemes include the following: the size of a composed signature increases linearly with the number of nested applications of composition, and the creation history of a composed edge is not properly hidden. This paper presents DTTS, a Directed-Tree-Transitive Signature scheme based on the RSA accumulator [9], to address these issues. Like previous works [7,8], DTTS is designed only for directed trees; however, it features constant (composed) signature size and a privacy-preserving property. We prove that DTTS is transitively unforgeable under adaptive chosen message attack in the standard model.
Similar resources
On Directed Transitive Signature
In the early 2000s, Rivest [Riv00,MR02] and Micali [MR02] introduced the notion of a transitive signature, which allows a third party to generate a valid signature for a composed edge (vi, vk) from the signatures for two edges (vi, vj) and (vj, vk), using the public key only. Since then, a number of works, including [MR02,BN02,Hoh03,SFSM05,BN05], have been devoted to transitive signatures. Mos...
A simple transitive signature scheme for directed trees
Transitive signatures allow a signer to authenticate edges in a graph in such a way that anyone, given the public key and two signatures on adjacent edges (i, j) and (j, k), can compute a third signature on edge (i, k). A number of schemes have been proposed for undirected graphs, but the case of directed graphs remains an open problem. At CT-RSA 2007, Yi presented a scheme for directed trees b...
Optimal Data Authentication from Directed Transitive Signatures
An authenticated dictionary of size N is said to be optimal when an update operation or proof computation requires at most O(log N) accesses to the data structure, and the size of a proof is O(1) with respect to N. In this note we show that an optimal authenticated dictionary (OAD) can be built using transitive signatures for directed graphs (DTS). As the existence of DTS and OAD are both still...
The Cryptographic Impact of Groups with Infeasible Inversion
Algebraic group structure is an important (and often overlooked) tool for constructing and comparing cryptographic applications. Our driving example is the open problem of finding provably secure transitive signature schemes for directed graphs, proposed by Micali and Rivest [41]. A directed transitive signature scheme (DTS) allows Alice to sign a subset of edges on a directed graph in such a way...
A Transitive Signature Scheme for Directed Trees
Digital signatures are a way of cryptographically signing data to verify its integrity and authenticity [2]. In most digital signature schemes, the author (let’s call her Alice) signs a message using a secret key and then publishes the signature and message. A reader can then verify Alice as the author of the complete message without being able to forge a signature of Alice’s on any new messag...