Article

Forward-Secure Signatures with Optimal Signing and Verifying

Authors:

Leonid ReyzinAuthors Info & Claims

CRYPTO '01: Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology

August 2001

Pages 332 - 354

Published: 19 August 2001 Publication History

Abstract

We propose the first forward-secure signature scheme for which both signing and verifying are as efficient as for one of the most efficient ordinary signature schemes (Guillou-Quisquater [GQ88]), each requiring just two modular exponentiations with a short exponent. All previously proposed forward-secure signature schemes took significantly longer to sign and verify than ordinary signature schemes.

Our scheme requires only fractional increases to the sizes of keys and signatures, and no additional public storage. Like the underlying [GQ88] scheme, our scheme is provably secure in the random oracle model.

References

[1]

Ross Anderson. Invited lecture. Fourth Annual Conference on Computer and Communications Security, ACM, 1997.

[2]

Michel Abdalla and Leonid Reyzin. A new forward-secure digital signature scheme. In Advances in Cryptology--ASIACRYPT 2000, Springer-Verlag 2000. Full version available from the Cryptology ePrint Archive, record 2000/002, http://eprint.iacr.org/.

[3]

Mihir Bellare and Sara Miner. A forward-secure digital signature scheme. In Advances in Cryptology--CRYPTO '99, Springer-Verlag, 1999. Revised version is available from http://www.cs.ucsd.edu/mihir/.

[4]

Niko Barić and Birgit Pfitzmann. Collision-free accumulators and fail-stop signature schemes without trees. In Advances in Cryptology-- EUROCRYPT 97, Springer-Verlag, 1997.

[5]

Mihir Bellare and Phillip Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In Proceedings of the 1st ACM Conference on Computer and Communication Security, pages 62-73, November 1993. Revised version appears in http://www-cse.ucsd.edu/users/mihir/papers/crypto-papers.html.

[6]

Eric Bach and Jeffrey Shallit. Algorithmic Number Theory. MIT Press, Cambridge, MA, 1996.

[7]

Eiichiro Fujisaki and Tatsuaki Okamoto. Statistical zero knowledge protocols to prove modular polynomial relations. In Burton S. Kaliski Jr., editor, Advances in Cryptology--CRYPTO '97, volume 1294 of Lecture Notes in Computer Science, pages 16-30. Springer-Verlag, 17-21 August 1997.

[8]

Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Andrew M. Odlyzko, editor, Advances in Cryptology--CRYPTO '86, volume 263 of Lecture Notes in Computer Science, pages 186-194. Springer-Verlag, 1987, 11-15 August 1986.

[9]

Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2):281-308, April 1988.

[10]

Shafi Goldwasser, editor. Advances in Cryptology--CRYPTO '88, volume 403 of Lecture Notes in Computer Science. Springer-Verlag, 1990, 21-25 August 1988.

[11]

Louis Claude Guillou and Jean-Jacques Quisquater. A "paradoxical" indentity-based signature scheme resulting from zero-knowledge. In Goldwasser {Gol88}, pages 216-231.

[12]

Hugo Krawczyk. Simple forward-secure signatures from any signature scheme. In Seventh ACM Conference on Computer and Communication Security. ACM, November 1-4 2000.

[13]

Silvio Micali and Gene Itkis. Private Communication.

[14]

Silvio Micali. A secure and efficient digital signature algorithm. Technical Report MIT/LCS/TM-501, Massachusetts Institute of Technology, Cambridge, MA, March 1994.

[15]

Silvio Micali and Leonid Reyzin. Improving the exact security of Fiat-Shamir signature schemes. In R. Baumgart, editor, Secure Networking -- CQRE {Secure} '99, volume 1740 of Lecture Notes in Computer Science, pages 167-182. Springer-Verlag, 1999.

[16]

Kazuo Ohta and Tatsuaki Okamoto. A modification of the Fiat-Shamir scheme. In Goldwasser {Gol88}, pages 232-243.

[17]

H. Ong and Claus P. Schnorr. Fast signature generation with a Fiat Shamir-like scheme. In I. B. Damgård, editor, Advances in Cryptology-- EUROCRYPT 90, volume 473 of Lecture Notes in Computer Science, pages 432-440. Springer-Verlag, 1991, 21-24 May 1990.

[18]

David Pointcheval and Jacques Stern. Security proofs for signature schemes. In Ueli Maurer, editor, Advances in Cryptology--EUROCRYPT 96, volume 1070 of Lecture Notes in Computer Science, pages 387-398. Springer-Verlag, 12-16 May 1996.

[19]

Adi Shamir. On the generation of cryptographically strong pseudorandom sequences. ACM Transactions on Computer Systems, 1(1):38-44, February 1983.

Cited By

Abdalla MBenhamouda FPointcheval D(2019)On the Tightness of Forward-Secure Signature ReductionsJournal of Cryptology10.1007/s00145-018-9283-232:1(84-150)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1007/s00145-018-9283-2
Xiang TLi XChen FMu YChen XWang XHuang X(2016)Bilateral-secure Signature by Key EvolvingProceedings of the 11th ACM on Asia Conference on Computer and Communications Security10.1145/2897845.2897864(523-533)Online publication date: 30-May-2016
https://dl.acm.org/doi/10.1145/2897845.2897864
Hartung G(2016)Secure Audit Logs with Verifiable ExcerptsProceedings of the RSA Conference on Topics in Cryptology - CT-RSA 2016 - Volume 961010.1007/978-3-319-29485-8_11(183-199)Online publication date: 29-Feb-2016
https://dl.acm.org/doi/10.1007/978-3-319-29485-8_11
Show More Cited By

Index Terms

Forward-Secure Signatures with Optimal Signing and Verifying
1. Information systems
  1. Data management systems
    1. Data structures
      1. Data layout
        Data encryption
2. Security and privacy
  1. Cryptography

Index terms have been assigned to the content through auto-classification.

Recommendations

Forward-Secure Multi-signatures
ICDCIT '08: Proceedings of the 5th International Conference on Distributed Computing and Internet Technology

In many applications a document needs to be signed by more than one signer. When a signature depends on more than one signer we call it a multi-signature. Further, ordinary digital signatures have an inherent weakness: if the secret key is leaked, then ...
Read More
Forward-secure signatures in untrusted update environments: efficient and generic constructions
CCS '07: Proceedings of the 14th ACM conference on Computer and communications security

Forward-secure signatures (FSS) prevent forgeries for past time periods when an attacker obtains full access to the signer's storage. To simplify the integration of these primitives into standard security architectures, Boyen, Shacham, Shen and Waters ...
Read More
Practical forward secure sequential aggregate signatures
ASIACCS '08: Proceedings of the 2008 ACM symposium on Information, computer and communications security

A forward secure sequential aggregate (FssAgg) signature scheme allows a signer to iteratively combine signatures generated in different time intervals - and with different keys - into a single constant-size signature. Such a signature offers forward ...
Read More

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

CRYPTO '01: Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology

August 2001

598 pages

ISBN:3540424563

Editor:
Joe Kilian

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 19 August 2001

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

53
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Other Metrics

View Author Metrics

Citations

Cited By

Abdalla MBenhamouda FPointcheval D(2019)On the Tightness of Forward-Secure Signature ReductionsJournal of Cryptology10.1007/s00145-018-9283-232:1(84-150)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1007/s00145-018-9283-2
Xiang TLi XChen FMu YChen XWang XHuang X(2016)Bilateral-secure Signature by Key EvolvingProceedings of the 11th ACM on Asia Conference on Computer and Communications Security10.1145/2897845.2897864(523-533)Online publication date: 30-May-2016
https://dl.acm.org/doi/10.1145/2897845.2897864
Hartung G(2016)Secure Audit Logs with Verifiable ExcerptsProceedings of the RSA Conference on Topics in Cryptology - CT-RSA 2016 - Volume 961010.1007/978-3-319-29485-8_11(183-199)Online publication date: 29-Feb-2016
https://dl.acm.org/doi/10.1007/978-3-319-29485-8_11
Zhang XXu CJin CXie R(2014)Efficient forward secure identity-based shorter signature from latticeComputers and Electrical Engineering10.5555/2668455.272932340:6Online publication date: 1-Aug-2014
https://dl.acm.org/doi/10.5555/2668455.2729323
Cairns KGamage THauser CSadeghi AGligor VYung M(2013)Efficient targeted key subset retrieval in fractal hash sequencesProceedings of the 2013 ACM SIGSAC conference on Computer & communications security10.1145/2508859.2516739(1273-1284)Online publication date: 4-Nov-2013
https://dl.acm.org/doi/10.1145/2508859.2516739
Libert BYung M(2013)Adaptively secure non-interactive threshold cryptosystemsTheoretical Computer Science10.1016/j.tcs.2013.01.001478(76-100)Online publication date: 1-Mar-2013
https://dl.acm.org/doi/10.1016/j.tcs.2013.01.001
Libert BYung M(2012)Fully forward-secure group signaturesCryptography and Security10.5555/2184081.2184097(156-184)Online publication date: 1-Jan-2012
https://dl.acm.org/doi/10.5555/2184081.2184097
Fan KWang YLi H(2012)A new proxy blind signature schemeInternational Journal of Grid and Utility Computing10.1504/IJGUC.2012.0457093:1(38-42)Online publication date: 1-Mar-2012
https://dl.acm.org/doi/10.1504/IJGUC.2012.045709
Dezani-Ciancaglini MHorne RSassone V(2012)Tracing where and who provenance in Linked DataTheoretical Computer Science10.1016/j.tcs.2012.06.020464(113-129)Online publication date: 1-Dec-2012
https://dl.acm.org/doi/10.1016/j.tcs.2012.06.020
Yavuz ANing P(2012)Self-sustaining, efficient and forward-secure cryptographic constructions for Unattended Wireless Sensor NetworksAd Hoc Networks10.1016/j.adhoc.2012.03.00610:7(1204-1220)Online publication date: 1-Sep-2012
https://dl.acm.org/doi/10.1016/j.adhoc.2012.03.006
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents