论文信息 - On Concrete Security Treatment of Signatures Derived from Identification

On Concrete Security Treatment of Signatures Derived from Identification

Signature schemes that are derived from three move identification schemes such as the Fiat-Shamir, Schnorr and modified ElGamal schemes are a typical class of the most practical signature schemes. The random oracle paradigm [1, 2, 12] is useful to prove the security of such a class of signature schemes [4, 12]. This paper presents a new key technique, “ID reduction”, to show the concrete security result of this class of signature schemes under the random oracle paradigm. First, we apply this technique to the Schnorr and modified ElGamal schemes, and show the “concrete security analysis” of these schemes. We then apply it to the multi-signature schemes.

Kazuo Ohta | Tatsuaki Okamoto

[1] Jacques Stern,et al. Security Proofs for Signature Schemes , 1996, EUROCRYPT.

[2] N. Koblitz. Elliptic curve cryptosystems , 1987 .

[3] Silvio Micali,et al. The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[4] Taher El Gamal. A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[5] Adi Shamir,et al. A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[6] Amos Fiat,et al. Zero-knowledge proofs of identity , 1987, Journal of Cryptology.

[7] Mihir Bellare,et al. Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[8] Silvio Micali,et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[9] Mihir Bellare,et al. The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin , 1996, EUROCRYPT.

[10] Kazuo Ohta,et al. A Digital Multisignature Scheme Based on the Fiat-Shamir Scheme , 1991, ASIACRYPT.

[11] Moni Naor,et al. Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[12] C. P. Schnorr,et al. Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[13] C. Caldwell. Mathematics of Computation , 1999 .

[14] John Rompel,et al. One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.