J. N. Bos and D. Chaum. Provably unforgeable signatures. Advances in Cryptology -- CRYPTO '92, Lecture Notes in Computer Science, 740:1--14, 1993.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....been proved under reasonable cryptographic assumptions. The first one was presented in [27] with efficiency improvements in [25] For an implementation, see [24] The necessary assumptions were successively weakened in [6] 38] 46] Recently, efforts have been made to improve the efficiency in [4] (with an incomplete proof) and [19] 12] Note, however, that fail stop signature schemes (see below) also yield provably secure ordinary digital signature schemes, see [43] 40] and thus the first efficient provably secure scheme based on discrete logarithms was [30] 1.3. New Schemes Just ....

.... are covered by the GMR definition: Sometimes, signing is not only an algorithm with the inputs sk; m, and i, but some memory is needed between executions, e.g. in Schnorr s scheme with preprocessing [49] In another example, there is a trusted public random value in addition to the public keys [4]. 1.4. Goals of Definition and Classification So what does one do with all these new types of schemes 150 Even if each one had a new definition, which some do, but most variants don t, the situation would be unsatisfactory: First, if they are all called signature schemes, a fact that nobody ....

Jurjen Bos and David Chaum (1993). Provably Unforgeable Signatures. Crypto '92, LNCS 740, Springer Verlag, 1--14.

....for this purpose not even needs to be collision free 4 , can be realized much more efficiently than OWFs with appropriate structure. Moreover, these schemes have applications in efficiency critical smartcard applications [6] in on line off line signatures [5] and in the signature schemes of [3]. The general idea of a one time signature scheme is that the secret key is used as the input to a sequence of OWF evaluations which results in a sequence of intermediate results and finally 2 In this paper we only consider schemes for signing a single message, but these results can easily be ....

J.N.E. Bos and D. Chaum, Provably unforgeable signatures, Advances in Cryptology -- CRYPTO '92 (E. Brickell, ed.), Lecture Notes in Computer Science, vol. 740 , Springer Verlag, 1993, pp. 1-14.

....size of the public key is usually related to this number. The first such scheme is due to Lamport (described in [3] and used in [12, 15, 18] This scheme requires as many invocations of a one way function as there are bits to be signed (some improvements are known) The scheme of Bos and Chaum [2] can be viewed as a fixed time signature scheme. In this scheme the size of the public information needed grows at least as fast as the square root of the number of messages the scheme should be able to sign. Even, Goldreich, and Micali [5] tried to combat the computational cost of signature ....

....efficient. The idea of using exponentiation to hide information appears in the original RSA signature scheme [17] Fiat and Shamir employ the subset product technique for signing [7] Merkle [12] suggested the tree authentication scheme, but in his scheme the tree cannot be shallow. The scheme in [2] is similar in spirit to the one time version of our scheme used in every node. Bellare and Micali [1] suggested a tree based scheme where nodes are revived by choosing a new trapdoor permutation which, in turn, is authenticated by the parent of the current node. Our scheme can be seen as an ....

J. Bos and D. Chaum, Provably Unforgeable Signatures, Advances in Cryptology - Crypto'92, Springer Verlag, 1993, pp. 1--14.

....which for this purpose not even needs to be collision free, can be realized much more efficiently than OWFs with appropriate structure. Moreover, these schemes have applications in efficiency critical smartcard applications [6] in on line off line signatures [5] and in the signature schemes of [3]. The general concept of a digital signature schemes of the first type was formalized in [1] The purpose of this paper is to discuss constructions for such schemes and to prove several results on the achievable efficiency, in particular for computation graphs that are trees. The outline of the ....

J.N.E. Bos and D. Chaum, Provably unforgeable signatures, Advances in Cryptology -- CRYPTO '92, E. Brickell (ed.), Lecture Notes in Computer Science, Berlin: Springer Verlag, vol. 740, pp. 1--14, 1993.

No context found.

J. N. Bos and D. Chaum. Provably unforgeable signatures. Advances in Cryptology -- CRYPTO '92, Lecture Notes in Computer Science, 740:1--14, 1993.

No context found.

J. N. Bos and D. Chaum. Provably unforgeable signatures. Advances in Cryptology -- CRYPTO '92, Lecture Notes in Computer Science, 740:1--14, 1993.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC