A Digital Signature Scheme Secure Against Adaptive Chosen - Message Attacks * ( Revision March 23 , 1995 )
نویسندگان
چکیده
Shafi Goldwasser∗∗ Silvio Micali∗∗ Ronald L. Rivest ∗∗ Abstract We present a digital signature scheme based on the computational difficulty of integer factorization. The scheme possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice (where each message may be chosen in a way that depends on the signatures of previously chosen messages) can not later forge the signature of even a single additional message. This may be somewhat surprising, since the properties of having forgery being equivalent to factoring and being invulnerable to an adaptive chosen-message attack were considered in the folklore to be contradictory. More generally, we show how to construct a signature scheme with such properties based on the existence of a “claw-free” pair of permutations – a potentially weaker assumption than the intractibility of integer factorization. The new scheme is potentially practical: signing and verifying signatures are reasonably fast, and signatures are compact.
منابع مشابه
An Identity-Based Ring Signcryption Scheme
Signcryption enables a user to perform digital signature for providing authenticity and public key encryption for providing message confidentiality simultaneously in a single logical step with a cost lesser than sign-thenencrypt approach. As the concept of ring signcryption emerged, various practical applications like electronic transaction protocol and key management protocols, felt the requir...
متن کاملCs - R 9529 1995
Even, Goldreich and Micali showed at Crypto'89 that the existence of signature schemes secure against known message attacks implies the existence of schemes secure against adaptively chosen message attacks. Unfortunately, this transformation leads to a rather impractical scheme. We exhibit a similar security ampliication, which takes the given scheme to a new signature scheme that is not even e...
متن کاملA New Digital Signature Scheme and its Application to aPractical
This paper introduces a new digital signature scheme that is provably secure against adaptive chosen message attacks provided the so-called Strong RSA Assumption holds. This signature scheme leads to a new coalition-resistant group signature scheme that is signiicantly more eecient than the previously known schemes with the same security properties .
متن کاملCertificate-Based Secure Three-Party Signcryption Scheme with Low Costs
A signcryption scheme combining public key encryption and digital signatures can simultaneously satisfy the security requirements of confidentiality, integrity, authenticity and non-repudiation. In a three-party communication environment, a message signcrypted by one party might have to be securely delivered to the other two and they usually independently decrypt the ciphertext and verify recov...
متن کاملAn Improved Identity-Based Multi-Proxy Multi-Signature Scheme
In a multi-proxy multi-signature scheme, a group of original signers can delegate the signing rights to a group of proxy signers. All proxy signers cooperatively sign messages on behalf of the original group. Recently, Sahu and Padhye proposed an identity-based multi-proxy multi-signature (IBMPMS) scheme which was claimed to be secure against existential forgery on adaptive chosen-message and a...
متن کامل