An Improvement of the Fiat-Shamir Identification and Signature Scheme
نویسندگان
چکیده
In 1986 Fiat and Shamir exhibited zero-knowledge based identification and digital Signature schemes which require only 10 to 30 modular multiplications per party. In this paper we describe an improvement of this scheme which reduces the verifier’s complexity to less than 2 modular multiplications and leaves the prover’s complexity unchanged. The new variant is particularly useful when a central computer has to verify in real time signed messages from thousands of remote terminals, or when the same signature has to be repeatedly verified.
منابع مشابه
On the (In)security of the Fiat-Shamir Paradigm
In 1986, Fiat and Shamir proposed a general method for transforming secure -round public-coin identification schemes into digital signature schemes. The idea of the transformation was to replace the random message of the verifier in the identification scheme, with the value of some deterministic“hash” function evaluated on various quantities in the protocol and on the message to be signed. The ...
متن کاملAttribute-Based Signatures without Pairings by the Fiat-Shamir Transformation
We propose an attribute-based signature scheme (ABS) with features of pairing-free, short signatures and security proof in the random oracle model. Our strategy is in the Fiat-Shamir paradigm; we first provide a concrete procedure of the Σ-protocol which enables a prover to prove possession of witnesses that satisfy a statement of a monotone boolean formula. Next, using a signature bundle schem...
متن کاملFrom Identification to Signatures via the Fiat-Shamir Transform: Minimizing Assumptions for Security and Forward-Security
The Fiat-Shamir paradigm for transforming identification schemes into signature schemes has been popular since its introduction because it yields efficient signature schemes, and has been receiving renewed interest of late as the main tool in deriving forward-secure signature schemes. In this paper, minimal (meaning necessary and sufficient) conditions on the identification scheme to ensure sec...
متن کاملAttacks on the Fiat-Shamir paradigm and program obfuscation
The goal of cryptography is to construct secure and efficient protocols for various tasks. Unfortunately, it is often the case that protocols that are provably secure are not efficient enough for practical use. As a result, most protocols used in practice are heuristics that lack a proof of security. These heuristics are typically very efficient and are believed to be secure, though no proof of...
متن کاملFast Signature Generation with aFiat
We propose two improvements to the Fiat Shamir authentication and signature scheme. We reduce the communication of the Fiat Shamir authentication scheme to a single round while preserving the eeciency of the scheme. This also reduces the length of Fiat Shamir signatures. Using secret keys consisting of small integers we reduce the time for signature generation by a factor 3 to 4. We propose a v...
متن کامل