Short one-time signatures

We present a new one-time signature scheme with short signatures. Our scheme is also the first one-time signature scheme that supports aggregation and batch verification and that admits efficient proofs of knowledge. It has a fast signing algorithm, requiring only modular additions, and its verification cost is comparable to ECDSA verification. These properties make our scheme suitable for applications on resource-constrained devices such as smart cards and sensor nodes.
