An Efficient Construction for Fail-Stop Signature for Long Messages
نویسندگان
چکیده
The security of ordinary digital signature schemes relies on a computational assumption. Fail-stop signature (FSS) schemes provide security for a signer against a forger with unlimited computational power by enabling the signer to provide a proof of forgery, if it occurs. Signing long messages using FSS requires a hash function with provable security which results in slow signature generation. In this paper we propose a new construction for FSS schemes based on linear authentication codes which does not require a hash function, and results in a much faster signature generation at the cost of slower verification, and a longer secret key and signature. An important advantage of the scheme is that the proof of forgery is the same as a traditional FSS and does not rely on the properties of the hash function. The scheme can be used in a distributed setting where signature generation requires collaboration of k signers. The paper concludes with some open problems.
منابع مشابه
Fail-Stop Signatures Without Trees
We construct the first fail-stop signature scheme where neither the signature length nor the length of the public key grows as a function of the number of messages that can be signed with one key. The computation needed for signing and testing is reduced similarly. This removes one of the main differences between the complexity of ordinary signature schemes and previous fail-stop signature sche...
متن کاملNew Constructions of Fail-Stop Signatures and Lower Bounds (Extended Abstract)
With a fail-stop signature scheme, the supposed signer of a forged signature can prove to everybody else that it was a forgery. Thus the signer is secure even against computationally unrestricted forgers. Until recently, efficient constructions were only known for restricted cases, but at Eurocrypt ’92, van Heijst and Pedersen presented an efficient general scheme, where the unforgeability is b...
متن کاملEfficient Fail-Stop Signatures from the Factoring Assumption
In this paper, we revisit the construction of fail-stop signatures from the factoring assumption. These signatures were originally proposed to provide information-theoretic-based security against forgeries. In contrast to classical signature schemes, in which signers are protected through a computational conjecture, fail-stop signature schemes protect the signers in an information theoretic sen...
متن کاملConvertible limited (multi-) verifier signature: new constructions and applications
A convertible limited (multi-) verifier signature (CL(M)VS) provides controlled verifiability and preserves the privacy of the signer. Furthermore, limited verifier(s) can designate the signature to a third party or convert it into a publicly verifiable signature upon necessity. In this proposal, we first present a generic construction of convertible limited verifier signature (CLVS) into which...
متن کاملFail-Stop Signatures
Fail-stop signatures can briefly be characterized as digital signatures that allow the signer to prove that a given forged signature is indeed a forgery. After such a proof has been published, the system can be stopped. This type of security is strictly stronger than that achievable with ordinary digital signatures as introduced by Diffie and Hellman in 1976 and formally defined by Goldwasser, ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- J. Inf. Sci. Eng.
دوره 17 شماره
صفحات -
تاریخ انتشار 2001