Download:
|
by Extended Abstract, Markus Michels, Glatt Tower
http://www.zurich.ibm.com/~jca/papers/ec2000.ps.gz
Add To MetaCart
Abstract:
Abstract. The main dierence between conrmer signatures and ordinary digital signatures is that a conrmer signature can be veried only with the assistance of a semitrusted third party, the conrmer. Additionally, the conrmer can selectively convert single conrmer signatures into ordinary signatures. This paper points out that previous models for conrmer signature schemes are too restricted to address the case where several signers share the same conrmer. More seriously, we show that various proposed schemes (some of which are provably secure in these restricted models) are vulnerable to an adaptive signature-transformation attack. We dene a new stronger model that covers this kind of attack and provide a generic solution based on any secure ordinary signature scheme and public key encryption scheme. We also exhibit a concrete instance thereof. 1
Citations
|
1976
|
A method for obtaining digital signatures and public-key cryptosystems
– Rivest, Shamir, et al.
- 1978
|
|
610
|
A digital signature scheme secure against adaptive chosen-message attacks
– Goldwasser, Micali, et al.
- 1988
|
|
413
|
Efficient signature generation for smart cards
– Schnorr
- 1991
|
|
356
|
Undeniable signatures
– Chaum, Antwerpen
|
|
355
|
Nonmalleable cryptography
– Dolev, Dwork, et al.
|
|
351
|
A paractical public-key cryptosystem provably secure against adaptive chosen ciphertext attack
– Cramer, Shoup
- 1998
|
|
244
|
The exact security of digital signatures - how to sign with rsa and rabin
– Bellare, Rogaway
- 1996
|
|
201
|
Fair exchange of digital signatures
– Asokan, Shoup, et al.
- 1998
|
|
94
|
Efficient proofs that a committed number lies in an interval
– Boudot
- 2000
|
|
75
|
Efficient concurrent zero-knowledge in the auxiliary string model
– Damgard
- 2000
|
|
52
|
A.Sahai: Concurrent Zero-Knowledge: Reducing the Need for Timing Constraints
– Dwork
|
|
51
|
Etficient group signature schemes for large groups
– Camenisch, Stadler
- 1997
|
|
39
|
One-Way Functions are Necessary and Su cient for Secure Signatures
– Rompel
- 1990
|
|
37
|
How to sign given any trapdoor function
– Bellare, Micali
|
|
30
|
R.: On concurrent zero-knowledge with preprocessing
– Crescenzo, Ostrovsky
|
|
28
|
Verifiable signature sharing
– Franklin, Reiter
- 1995
|
|
27
|
A practical and provably secure scheme for publicly verifiable secret sharing and its applications
– Fujisaki, Okamoto
- 1998
|
|
22
|
Proofs of Partial Knowledge and Simplied Design of Witness Hiding Protocols
– Cramer, DamgËšard, et al.
- 1994
|
|
20
|
Publicly veri secret sharing
– Stadler
- 1996
|
|
13
|
Separability and eciency for generic group signature schemes
– Camenisch, Michels
- 1999
|
|
9
|
Fast Batch veri for modular exponentiation and digital signatures
– Bellare, Garay, et al.
- 1998
|
|
8
|
Designated con signatures
– Chaum
- 1994
|
|
4
|
Ecient fair exchange with veri con of signatures
– Chen
- 1998
|
|
3
|
Generic constructions for secure and ecient con signature schemes
– Michels, Stadler
- 1998
|
|
2
|
New ecient and secure protocols for veri signature sharing and other applications
– Catalano, Gennaro
- 1998
|
|
2
|
Designated con signatures and public-key encryption are equivalent
– Okamoto
- 1994
|
|
1
|
Undeniable con signature
– Nguyen, Mu, et al.
- 1999
|
