论文信息 - On the Efficiency of One-Time Digital Signatures

On the Efficiency of One-Time Digital Signatures

Digital signature schemes based on a general one-way function without trapdoor offer two potential advantages over digital signature schemes based on trapdoor one-way functions such as the RSA system: higher efficiency and much more freedom in choosing a cryptographic function to base the security on. Such a scheme is characterized by a directed acyclic computation graph and an antichain in a certain partially ordered set defined by the graph. Several results on the achievable efficiency of such schemes are proved, where the efficiency of a scheme is defined as the ratio of the size of messages that can be signed and the number of one-way function evaluations needed for setting up the system. For instance, the maximal achievable efficiency for trees is shown to be equal to a constant γ ≈ 0.4161426 and a family of general graphs with substantially greater efficiency 0.476 is demonstrated. This construction appears to be close to optimal.

Ueli Maurer | Daniel Bleichenbacher

[1] David Chaum,et al. Provably Unforgeable Signatures , 1992, CRYPTO.

[2] de Ng Dick Bruijn,et al. On the set of divisors of a number , 1951 .

[3] Moni Naor,et al. Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[4] Ueli Maurer,et al. Directed Acyclic Graphs, One-way Functions and Digital Signatures , 1994, CRYPTO.

[5] Ueli Maurer,et al. Optimal Tree-Based One-Time Digital Signature Schemes , 1996, STACS.

[6] Ralph C. Merkle,et al. A Certified Digital Signature , 1989, CRYPTO.

[7] Abraham Bookstein,et al. Cryptography: A new dimension in computer data security ? and ?. Wiley-Interscience, New York (1982). xxi + 775 pp., $43.95. ISBN 0471-04892-5. , 1985 .

[8] Adi Shamir,et al. A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[9] John Rompel,et al. One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[10] Serge Vaudenay. One-Time Identification with Low Memory , 1993 .

[11] Stephen M. Matyas,et al. Cryptography: A New Dimension in Computer Data Security--A Guide for the Design and Implementation of Secure Systems , 1982 .

[12] Silvio Micali,et al. On-Line/Off-Line Digital Schemes , 1989, CRYPTO.

[13] Claus-Peter Schnorr,et al. Efficient Identification and Signatures for Smart Cards (Abstract) , 1990, EUROCRYPT.