Proving Tight Security for Rabin-Williams Signatures

This paper proves "tight security in the random-oracle model relative to factorization" for the lowest-cost signature systems available today: every hash-generic signature-forging attack can be converted, with negligible loss of efficiency and effectiveness, into an algorithm to factor the public key. The most surprising system is the "fixed unstructured B-0 Rabin-Williams" system, which has a tight security proof despite hashing unrandomized messages.
