Secure Hash-and-Sign Signatures Without the Random Oracle

We present a new signature scheme which is existentially unforgeable under chosen message attacks, assuming some variant of the RSA conjecture. This scheme is not based on "signature trees", and instead it uses the so called "hash-and-sign" paradigm. It is unique in that the assumptions made on the cryptographic hash function in use are well defined and reasonable (although non-standard). In particular, we do not model this function as a random oracle. We construct our proof of security in steps. First we describe and prove a construction which operates in the random oracle model. Then we show that the random oracle in this construction can be replaced by a hash function which satisfies some strong (but well defined!) computational assumptions. Finally, we demonstrate that these assumptions are reasonable, by proving that a function satisfying them exists under standard intractability assumptions.

[1]  Ivan Damgård,et al.  Collision Free Hash Functions and Public Key Signature Schemes , 1987, EUROCRYPT.

[2]  Hugo Krawczyk,et al.  Chameleon Hashing and Signatures , 1998, IACR Cryptol. ePrint Arch..

[3]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[4]  Colin Boyd Digital signature and public key cryptosystems in a prime order subgroup of Zn* , 1997, ICICS.

[5]  Larry Carter,et al.  Universal Classes of Hash Functions , 1979, J. Comput. Syst. Sci..

[6]  Moni Naor,et al.  An Efficient Existentially Unforgeable Signature Scheme and Its Applications , 1994, Journal of Cryptology.

[7]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[8]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[9]  Kevin Barraclough,et al.  I and i , 2001, BMJ : British Medical Journal.

[10]  Jacques Stern,et al.  Security Proofs for Signature Schemes , 1996, EUROCRYPT.

[11]  C. Dwork,et al.  An Eecient Existentially Unforgeable Signature Scheme and Its Applications , 1994 .

[12]  Arjen K. Lenstra,et al.  Algorithms in Number Theory , 1991, Handbook of Theoretical Computer Science, Volume A: Algorithms and Complexity.

[13]  Mihir Bellare,et al.  The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin , 1996, EUROCRYPT.

[14]  Ivan Damgård,et al.  New Generation of Secure and Practical RSA-Based Signatures , 1996, CRYPTO.

[15]  Adi Shamir,et al.  On the generation of cryptographically strong pseudorandom sequences , 1981, TOCS.

[16]  Shirley Dex,et al.  JR 旅客販売総合システム(マルス)における運用及び管理について , 1991 .

[17]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[18]  Birgit Pfitzmann,et al.  Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees , 1997, EUROCRYPT.

[19]  Tal Rabin,et al.  An efficient non-interactive statistical zero-knowledge proof system for quasi-safe prime products , 1998, CCS '98.

[20]  ShamirAdi On the generation of cryptographically strong pseudorandom sequences , 1983 .

[21]  Hung-Min Sun,et al.  On the Security of Some Variants of the RSA Signature Scheme , 1998, ESORICS.

[22]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[23]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..