Monotone Signatures

In man y real-lifesituations, massive quantities of signatureshave tobe issuedon cheap passivesupp orts(e.g. pap er-based)such asbank-notes,badges, ID cards, driving licensesor passports(hereafter IDs);while large-scaleID replacementsarecostly and prohibitive, one ma y reasonablyassumethattheup dating of verificationequipmen t (e.g. off-lineb ordercheckp ointsor mobile patrolunits)is exceptionallyacceptable. In such a con text, an attac ker using co ercive means (e.g. kidnapping) can force the systemauthorities torevealtheinfrastructure’s secretsignaturekeys and startissuing signaturesthatareindistinguishablefrom thoseissuedby theauthorit y . The solutionpresentedin thispap erwithstandssuch attac ksup toa certainp oint:after thetheft, theauthorit y restricts theverificationcriteria(by an exceptionalverification equipmen tup date)in such a w ay thatthegenuine signaturesissuedbeforetheattac k become easilydistinguishablefrom thefreshersignaturesissuedby theattac ker. Needless tosay , w eassumethatatany p ointin timetheverificationalgorithmisentirely known totheattac ker.

[1]  Robert E. Whitson,et al.  AN IMPROVED , 2005 .

[2]  David Naccache,et al.  On blind signatures and perfect crimes , 1992, Comput. Secur..

[3]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[4]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[5]  Simmons,et al.  The Subliminal Channel and Digital Signatures , 2022 .

[6]  David M'Raïhi,et al.  Computational Alternatives to Random Number Generators , 1998, Selected Areas in Cryptography.

[7]  Mihir Bellare,et al.  The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin , 1996, EUROCRYPT.

[8]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[9]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[10]  Victor Shoup,et al.  Practical Threshold Signatures , 2000, EUROCRYPT.

[11]  PointchevalDavid,et al.  Security Arguments for Digital Signatures and Blind Signatures , 2000 .

[12]  Stefan A. Brands,et al.  An Efficient Off-line Electronic Cash System Based On The Representation Problem. , 1993 .

[13]  Hugo Krawczyk,et al.  Proactive Secret Sharing Or: How to Cope With Perpetual Leakage , 1995, CRYPTO.

[14]  David M'Raïhi,et al.  Can D.S.A. be Improved? Complexity Trade-Offs with the Digital Signature Standard , 1994, EUROCRYPT.

[15]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[16]  P ? ? ? ? ? ? ? % ? ? ? ? , 1991 .

[17]  Tatsuaki Okamoto,et al.  Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes , 1992, CRYPTO.

[18]  Amos Fiat,et al.  Zero-knowledge proofs of identity , 1987, Journal of Cryptology.

[19]  Mihir Bellare,et al.  Fast Batch Verification for Modular Exponentiation and Digital Signatures , 1998, IACR Cryptol. ePrint Arch..

[20]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[21]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[22]  David M'Raïhi,et al.  Batch exponentiation: a fast DLP-based signature generation strategy , 1996, CCS '96.