论文信息 - On Directed Transitive Signature

On Directed Transitive Signature

In early 2000’s, Rivest [Riv00,MR02] and Micali [MR02] introduced the notion of transitive signature, which allows a third party to generate a valid signature for a composed edge (vi, vk), from the signatures for two edges (vi, vj) and (vj , vk), and using the public key only. Since then, a number of works, including [MR02,BN02,Hoh03,SFSM05,BN05], have been devoted on transitive signatures. Most of them address the undirected transitive signature problem, and the directed transitive signature is still an open problem. S. Hohenberger [Hoh03] even showed that a directed transitive signature implies a complex mathmatical group, whose existence is still unkown. Recently, a few directed transitive signature schemes [Yi07,Nev08] on directed trees are proposed. The drawbacks of these schemes include: the size of composed signature increases linearly with the number of recursive applications of composition and the creating history of composed edge is not hidden properly. This paper presents DT T S—a Directed -Tree-Transitive Signature scheme, to address these issues. Like previous works [Yi07,Nev08], DT T S is designed only for directed trees, however, it features with constant (composed) signature size and privacy preserving property. G. Neven [Nev08] pointed out constant signature size is an essential requirement of the original directed transitive signature problem raised by Rivest and Micali. In this sense, our scheme DT T S is the first transitive signature scheme on a directed tree. We also prove that DT T S is transitively unforgeable under adaptive chosen message attack in the standard model.

Jia Xu

[1] Mihir Bellare,et al. Transitive Signatures Based on Factoring and RSA , 2002, ASIACRYPT.

[2] Dawn Xiaodong Song,et al. Homomorphic Signature Schemes , 2002, CT-RSA.

[3] Shai Halevi,et al. Secure Hash-and-Sign Signatures Without the Random Oracle , 1999, EUROCRYPT.

[4] Mahmoud Salmasizadeh,et al. A Provably Secure Short Transitive Signature Scheme from Bilinear Group Pairs , 2004, SCN.

[5] Gregory Neven. A simple transitive signature scheme for directed trees , 2008, Theor. Comput. Sci..

[6] Silvio Micali,et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[7] Silvio Micali,et al. Transitive Signature Schemes , 2002, CT-RSA.

[8] Susan Rae Hohenberger,et al. The cryptographic impact of groups with infeasible inversion , 2003 .

[9] Zhenfu Cao,et al. Transitive Signatures from Braid Groups , 2007, INDOCRYPT.

[10] Xun Yi,et al. SECURITY OF KUWAKADO-TANAKA TRANSITIVE SIGNATURE SCHEME FOR DIRECTED TREES , 2004 .

[11] Gene Tsudik,et al. Sanitizable Signatures , 2005, ESORICS.

[12] Hidenori Kuwakado,et al. Transitive Signature Scheme for Directed Trees , 2003, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[13] Mihir Bellare,et al. Transitive signatures: new schemes and proofs , 2005, IEEE Transactions on Information Theory.

[14] Xun Yi. Directed Transitive Signature Scheme , 2007, CT-RSA.

[15] Jia Xu,et al. Short Redactable Signatures Using Random Trees , 2009, CT-RSA.