Cramer-Damgård signatures revisited: Efficient flat-tree signatures based on factoring

At Crypto 96 Cramer and Damgard proposed an efficient, tree-based, signature scheme that is provably secure against adaptive chosen message attacks under the assumption that inverting RSA is computationally infeasible. In this paper we show how to modify their basic construction in order to achieve a scheme that is provably secure under the assumption that factoring large composites of a certain form is hard. Interestingly our scheme is as efficient as the original Cramer Damgard solution while relying on a seemingly weaker intractability assumption.

[1]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[2]  Ivan Damgård,et al.  Collision Free Hash Functions and Public Key Signature Schemes , 1987, EUROCRYPT.

[3]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[4]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[5]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[6]  Jeffrey Shallit,et al.  Algorithmic Number Theory , 1996, Lecture Notes in Computer Science.

[7]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[8]  Moni Naor,et al.  An Efficient Existentially Unforgeable Signature Scheme and Its Applications , 1994, Journal of Cryptology.

[9]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[10]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[11]  Birgit Pfitzmann,et al.  Digital Signature Schemes: General Framework and Fail-Stop Signatures , 1996 .

[12]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[13]  Ralph C. Merkle,et al.  A Digital Signature Based on a Conventional Encryption Function , 1987, CRYPTO.

[14]  Ronald Cramer,et al.  Signature schemes based on the strong RSA assumption , 2000, TSEC.

[15]  Shai Halevi,et al.  Secure Hash-and-Sign Signatures Without the Random Oracle , 1999, EUROCRYPT.

[16]  N. Koblitz A Course in Number Theory and Cryptography , 1987 .

[17]  Silvio Micali,et al.  How to sign given any trapdoor permutation , 1992, JACM.

[18]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[19]  Jacques Stern,et al.  A new public key cryptosystem based on higher residues , 1998, CCS '98.

[20]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[21]  Ivan Damgård,et al.  Secure Signature Schemes Based on Interactive Protocols See Back Inner Page for a List of Recent Publications in the Brics Report Series. Copies May Be Obtained by Contacting: Secure Signature Schemes Based on Interactive Protocols , 1995 .

[22]  Birgit Pfitzmann Conventional definitions of fail-stop signature schemes and general reductions , 1996 .

[23]  Ivan Damgård,et al.  New Generation of Secure and Practical RSA-Based Signatures , 1996, CRYPTO.

[24]  Ronald Cramer,et al.  Modular Design of Secure yet Practical Cryptographic Protocols , 1997 .