Generic Transformation to Strongly Unforgeable Signatures

Recently, there are several generic transformation techniques proposed for converting unforgeable signature schemes (the message in the forgery has not been signed yet) into strongly unforgeable ones (the message in the forgery could have been signed previously). Most of the techniques are based on trapdoor hash functions and all of them require adding supplementary components onto the original key pair of the signature scheme. In this paper, we propose a new generic transformation which converts anyunforgeable signature scheme into a strongly unforgeable one, and also keeps the key pair of the signature scheme unchanged. Our technique is based on strong one-time signature schemes. We show that they can be constructed efficiently from any one-time signature scheme that is based on one-way functions. The performance of our technique also compares favorably with that of those trapdoor-hash-function-based ones. In addition, this new generic transformation can also be used for attaining strongly unforgeable signature schemes in other cryptographic settings which include certificateless signature, identity-based signature, and several others. To the best of our knowledge, similar extent of versatility is not known to be supported by any of those comparable techniques. Finally and of independent interest, we show that our generic transformation technique can be modified to an on-line/off-linesignature scheme, which possesses a very efficient signing process.

[1]  Ron Steinfeld,et al.  How to Strengthen Any Weakly Unforgeable Signature into a Strongly Unforgeable Signature , 2007, CT-RSA.

[2]  Ivan Damgård,et al.  Collision Free Hash Functions and Public Key Signature Schemes , 1987, EUROCRYPT.

[3]  Yael Tauman Kalai,et al.  Improved Online/Offline Signature Schemes , 2001, CRYPTO.

[4]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..

[5]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[6]  Jonathan Katz,et al.  Scalable Protocols for Authenticated Group Key Exchange , 2003, Journal of Cryptology.

[7]  M. Mambo,et al.  Proxy Signatures: Delegation of the Power to Sign Messages (Special Section on Information Theory and Its Applications) , 1996 .

[8]  尚弘 島影 National Institute of Standards and Technologyにおける超伝導研究及び生活 , 2001 .

[9]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.

[10]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[11]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[12]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[13]  Leonid Reyzin,et al.  Better than BiBa: Short One-Time Signatures with Fast Signing and Verifying , 2002, ACISP.

[14]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[15]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[16]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .

[17]  Chanathip Namprempre,et al.  Security Proofs for Identity-Based Identification and Signature Schemes , 2008, Journal of Cryptology.

[18]  Brent Waters,et al.  Strongly Unforgeable Signatures Based on Computational Diffie-Hellman , 2006, Public Key Cryptography.

[19]  Xiaotie Deng,et al.  Key Replacement Attack Against a Generic Construction of Certificateless Signature , 2006, ACISP.

[20]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[21]  Thomas Shrimpton,et al.  Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance , 2004, FSE.

[22]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[23]  Silvio Micali,et al.  On-line/off-line digital signatures , 1996, Journal of Cryptology.

[24]  Mihir Bellare,et al.  Two-Tier Signatures, Strongly Unforgeable Signatures, and Fiat-Shamir Without Random Oracles , 2007, Public Key Cryptography.

[25]  Isamu Teranishi,et al.  General Conversion for Obtaining Strongly Existentially Unforgeable Signatures , 2006, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[26]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[27]  Tal Rabin,et al.  On the Security of Joint Signature and Encryption , 2002, EUROCRYPT.

[28]  Marc Joye,et al.  A Practical and Provably Secure Coalition-Resistant Group Signature Scheme , 2000, CRYPTO.

[29]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.