New Online/Offline Signature Schemes Without Random Oracles

In this paper, we propose new signature schemes provably secure under the strong RSA assumption in the standard model. Our proposals utilize Shamir-Tauman's generic construction for building EF-CMA secure online/offline signature schemes from trapdoor commitments and less secure basic signature schemes. We introduce a new natural intractability assumption for hash functions, which can be interpreted as a generalization of second pre-image collision resistance. Assuming the validity of this assumption, we are able to construct new signature schemes provably secure under the strong RSA assumption without random oracles. In contrast to Cramer-Shoup's signature scheme based on strong RSA in the standard model, no costly generation of prime numbers is required for the signer in our proposed schemes. Moreover, the security of our schemes relies on weaker assumptions placed on the hash function than Gennaro, Halevi and Rabin's solution.

[1]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[2]  Jean-Sébastien Coron,et al.  Security Analysis of the Gennaro-Halevi-Rabin Signature Scheme , 2000, EUROCRYPT.

[3]  Victor Shoup On the Security of a Practical Identification Scheme , 1996, EUROCRYPT.

[4]  Hugo Krawczyk,et al.  Chameleon Signatures , 2000, NDSS.

[5]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[6]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[7]  Ran Canetti,et al.  On the Random-Oracle Methodology as Applied to Length-Restricted Signature Schemes , 2004, TCC.

[8]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[9]  Birgit Pfitzmann,et al.  Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees , 1997, EUROCRYPT.

[10]  Gary L. Miller Riemann's Hypothesis and Tests for Primality , 1976, J. Comput. Syst. Sci..

[11]  Chae Hoon Lim,et al.  More Flexible Exponentiation with Precomputation , 1994, CRYPTO.

[12]  Marc Fischlin The Cramer-Shoup Strong-RSASignature Scheme Revisited , 2003, Public Key Cryptography.

[13]  Shai Halevi,et al.  Secure Hash-and-Sign Signatures Without the Random Oracle , 1999, EUROCRYPT.

[14]  Joos Vandewalle,et al.  Advances in Cryptology - CRYPTO 1994 , 1994 .

[15]  Ivan Damgård,et al.  Collision Free Hash Functions and Public Key Signature Schemes , 1987, EUROCRYPT.

[16]  Yael Tauman Kalai,et al.  Improved Online/Offline Signature Schemes , 2001, CRYPTO.

[17]  Silvio Micali,et al.  On-line/off-line digital signatures , 1996, Journal of Cryptology.

[18]  Jan Camenisch,et al.  A Signature Scheme with Efficient Protocols , 2002, SCN.

[19]  Ronald Cramer,et al.  Signature schemes based on the strong RSA assumption , 2000, TSEC.

[20]  Yvo Desmedt Public Key Cryptography — PKC 2003 , 2002, Lecture Notes in Computer Science.

[21]  Don Coppersmith,et al.  Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities , 1997, Journal of Cryptology.

[22]  Aggelos Kiayias,et al.  Efficient Secure Group Signatures with Dynamic Joins and Keeping Anonymity Against Group Managers , 2005, Mycrypt.

[23]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[24]  Tsuyoshi Takagi,et al.  Paillier's Cryptosystem Modulo p2q and Its Applications to Trapdoor Commitment Schemes , 2005, Mycrypt.

[25]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..