On Provable Security for Digital Signature Algorithms

In this paper we consider provable security for ElGamal-like digital signature schemes. We point out that the appropriate security criterion for the underlying hash function is pseudorandomness. We extend Pointcheval and Stern's results on the use of the random oracle model to prove the security of two variants of the US Digital Signature Algorithm against adaptive attacks that produce an existential forgery. We prove that a very practical use of the random oracle model is possible with tamper-resistant modules.
