An Efficient Construction for Fail-Stop Signature for Long Messages

The security of ordinary digital signature schemes relies on a computational assumption. Fail-stop signature (FSS) schemes provide security for a signer against a forger with unlimited computational power by enabling the signer to provide a proof of forgery, if it occurs. Signing long messages using FSS requires a hash function with provable security, which results in slow signature generation. In this paper we propose a new construction for FSS schemes based on linear authentication codes which does not require a hash function and results in much faster signature generation, at the cost of slower verification and a longer secret key and signature. An important advantage of the scheme is that the proof of forgery is the same as in a traditional FSS and does not rely on the properties of the hash function. The scheme can be used in a distributed setting where signature generation requires the collaboration of k signers. The paper concludes with some open problems.
