Abstract
Canetti and Rabin recently proposed a universally composable ideal functionality \(\mathcal{F}_{\rm SIG}\) for digital signatures. We show that this functionality cannot be securely realized by any signature scheme, thereby disproving their result that any signature scheme that is existentially unforgeable under adaptive chosen-message attack is a secure realization.
Next, an improved signature functionality is presented. We show that our improved functionality can be securely realized by precisely those signature schemes that are secure against existential forgery under adaptive chosen-message attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Backes, M., Hofheinz, D.: How to break and repair a universally composable signature functionality. Technical Report RZ 3512, IBM Research Division (November 2003), Online available at http://www.research.ibm.com/resources/paper_search.shtml
Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proc. 42nd IEEE Symposium on Foundations of Computer Science (FOCS), pp. 136–145. IEEE Computer Society, Los Alamitos (2001), http://eprint.iacr.org/2000/067
Canetti, R.: On universally composable notions of security for signature, certification and authentication. Cryptology ePrint archive (November 2003)
Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, p. 337. Springer, Heidelberg (2002), http://eprint.iacr.org/2002/059
Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: Proc. 34th Annual ACM Symposium on Theory of Computing (STOC), pp. 494–503 (2002), http://eprint.iacr.org/2002/140
Canetti, R., Rabin, T.: Universal composition with joint state. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 265–281. Springer, Heidelberg (2003)
Canetti, R., Rabin, T.: Universal composition with joint state. Cryptology ePrint archive (November 2003)
Cramer, R., Damgård, I.B.: Secure signature schemes based on interactive protocols. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 297–310. Springer, Heidelberg (1995)
Cramer, R., Damgård, I.B.: New generation of secure and practical RSAbased signatures. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 173–185. Springer, Heidelberg (1996)
Dwork, C., Naor, M.: An efficient existentially unforgeable signature scheme and its applications. Journal of Cryptology 11(3), 187–208 (1998)
Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing 17(2), 281–308 (1988)
Hofheinz, D., Müller-Quade, J., Steinwandt, R.: On modeling INDCCA security in cryptographic protocols. Cryptology ePrint Archive, Report 2003/024 (February 2003), http://eprint.iacr.org/2003/024
Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: Proc. 22nd Annual ACM Symposium on Theory of Computing (STOC), pp. 387–394 (1990)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Backes, M., Hofheinz, D. (2004). How to Break and Repair a Universally Composable Signature Functionality. In: Zhang, K., Zheng, Y. (eds) Information Security. ISC 2004. Lecture Notes in Computer Science, vol 3225. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30144-8_6
Download citation
DOI: https://doi.org/10.1007/978-3-540-30144-8_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23208-7
Online ISBN: 978-3-540-30144-8
eBook Packages: Springer Book Archive