How to sign given any trapdoor permutation

Published: 02 January 1992

Abstract

A digital signature scheme is presented, which is based on the existence of any trapdoor permutation. The scheme is secure in the strongest possible natural sense: namely, it is secure against existential forgery under adaptive chosen message attack.

References

[1] BELLARE, M., AND MICALI, S. How to sign given any trapdoor functions. In Proceedings of the 20th Annual ACM Symposium on the Theory of Computing. ACM, New York, 1988, pp. 32-42.
[2] BLUM, L., BLUM, M., AND SHUB, M. A simple unpredictable pseudo-random number generator. SIAM J. Comput. 15, 2 (May 1986), 364-383.
[3] BLUM, M., AND MICALI, S. How to generate cryptographically strong sequences of pseudorandom bits. SIAM J. Comput. 13, 4 (Nov. 1984), 850-864.
[4] DIFFIE, W., AND HELLMAN, M. E. New directions in cryptography. IEEE Trans. Info. Theory IT-22 (Nov. 1976), 644-654.
[5] GOLDREICH, O. Two remarks concerning the GMR signature scheme. Tech. Rep. 715, MIT Laboratory for Computer Science, MIT, Cambridge, Mass., Sept. 1986.
[6] GOLDREICH, O., GOLDWASSER, S., AND MICALI, S. How to construct random functions. J. ACM 33, 4 (Oct. 1986), 792-807.
[7] GOLDWASSER, S., AND MICALI, S. Probabilistic encryption. J. Comput. Syst. Sci. 28 (Apr. 1984), 270-299.
[8] GOLDWASSER, S., MICALI, S., AND RIVEST, R. A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17, 2 (Apr. 1988), 281-308.
[9] GOLDWASSER, S., MICALI, S., AND YAO, A. Strong signature schemes. In Proceedings of the 15th Annual ACM Symposium on the Theory of Computing. ACM, New York, 1983, pp. 431-439.
[10] GUILLOU, L. A zero-knowledge evolution of the paradoxical GMR signature scheme. Manuscript (Feb. 1988).
[11] LAMPORT, L. Constructing digital signatures from a one-way function. SRI Intl. CSL-98 (Oct. 1979).
[12] MERKLE, R. A digital signature based on a conventional encryption function. In Advances in Cryptology-CRYPTO '87. Lecture Notes in Computer Science, vol. 293. Springer-Verlag, New York, 1987.
[13] NAOR, M., AND YUNG, M. Universal one-way hash functions and their cryptographic applications. In Proceedings of the 21st Annual ACM Symposium on the Theory of Computing. ACM, New York, 1989, pp. 33-43.
[14] RIVEST, R., SHAMIR, A., AND ADLEMAN, L. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM (Feb. 1978), 120-126.
[15] ROMPEL, J. One-way functions are necessary and sufficient for secure signatures. In Proceedings of the 22nd Annual ACM Symposium on the Theory of Computing. ACM, New York, 1990, pp. 387-394.
[16] WILLIAMS, H. C. A modification of the RSA public-key cryptosystem. IEEE Trans. Inf. Theory IT-26 (1980), 726-729.
[17] YAO, A. C. Theory and applications of trapdoor functions. In Proceedings of the 23rd Annual IEEE Symposium on the Foundations of Computer Science. IEEE, New York, 1982, pp. 80-91.

Reviews

Catherine Ann Meadows

A trapdoor permutation is one that is easy to compute but difficult to invert unless some further information is known. The most straightforward way to use a trapdoor permutation for digital signatures is to make the permutation public but keep its inverse secret. The owner of the secret can sign a message by computing the inverse of the function on the message, while others who do not know the secret can verify the signature by computing the public function on the signed message and verifying that the original message is obtained. No trapdoor permutation can be guaranteed to be difficult to invert on its entire domain, however. Moreover, a trapdoor permutation may have algebraic properties that make it possible to compute new signed messages from old signed messages. In this paper, the authors show how to use trapdoor permutations to construct a digital signature scheme that is secure in the very strong sense that an attacker who may obtain a signature on any message she or he chooses cannot use the information to construct signatures of her or his own. This scheme works for any trapdoor permutation. It begins by using a pair of trapdoor permutations f_0 and f_1 and a random seed a to sign a single bit; either a zero or a one is signed depending on whether the inverse of f_0(a) or of f_1(a) is computed. Further pairs of trapdoor permutations are used to sign a second random seed bit by bit; this seed and the first pair of functions are used to sign a second bit, and so forth. The authors show how more compact signatures can be achieved by arranging the scheme in a tree structure. The results of this paper have also been used by Naor and Yung and by Rompel to show that one-way permutations and one-way functions are sufficient for secure digital signature schemes. The authors point out that the algorithms described in this paper can be used as an introduction to the more complex schemes described in those papers.
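
The two ideas in the review above, sketched as an added example that is not code from the paper or the review: the straightforward "signature = inverse of the permutation on the message" scheme, whose algebraic structure lets valid signatures be combined into new ones, and the single-bit step that inverts f_0 or f_1 on a seed. Toy RSA stands in for "any trapdoor permutation"; all function names, primes, exponents and the seed are assumptions constructed for illustration, and the seed chain and tree arrangement are not shown.

```python
# Added illustration: toy RSA stands in for "any trapdoor permutation".
# All primes, exponents and the seed are constructed for this example; NOT secure.
from math import gcd

def keygen(p, q, e):
    """Return (public (n, e), trapdoor d) for the permutation x -> x^e mod n."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible mod phi(n)"
    return (n, e), pow(e, -1, phi)

def f(pub, x):
    """Forward (public) direction: easy for everyone."""
    n, e = pub
    return pow(x, e, n)

def f_inv(pub, d, y):
    """Inverse direction: needs the trapdoor d."""
    return pow(y, d, pub[0])

# --- Straightforward use: signature = inverse of the permutation on the message
def naive_sign(pub, d, m):
    return f_inv(pub, d, m)

def naive_verify(pub, m, sig):
    return f(pub, sig) == m

def combine(pub, sig1, sig2):
    """RSA is multiplicative, so two valid signatures multiply into a third."""
    return (sig1 * sig2) % pub[0]

# --- One-bit step from the review: a pair (f_0, f_1) plus a seed
KEYS = [keygen(11, 13, 7), keygen(17, 19, 5)]   # (pub, trapdoor) for f_0, f_1
PUBS = [pub for pub, _ in KEYS]
SEED = 42   # fixed for reproducibility; must lie in the domain of both f_0 and f_1

def sign_bit(bit, seed=SEED):
    pub, d = KEYS[bit]
    return f_inv(pub, d, seed)       # invert f_bit on the seed

def verify_bit(bit, sig, seed=SEED):
    return f(PUBS[bit], sig) == seed  # only public data is needed to check

if __name__ == "__main__":
    pub, d = KEYS[0]
    s = combine(pub, naive_sign(pub, d, 2), naive_sign(pub, d, 3))
    print("naive: combined signature verifies on message 6:", naive_verify(pub, 6, s))
    sig0 = sign_bit(0)
    print("bit 0 signature:", sig0, verify_bit(0, sig0), verify_bit(1, sig0))
```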


Publisher: Association for Computing Machinery, New York, NY, United States

Published in JACM Volume 39, Issue 1

Author Tags

  1. cryptography
  2. digital signatures
  3. randomness
  4. trapdoor functions

Cited By

  • (2019) How to Sign with White-Boxed AES. Progress in Cryptology – LATINCRYPT 2019, pp. 259-279. DOI: 10.1007/978-3-030-30530-7_13. Online publication date: 2-Oct-2019
  • (2015) New signature schemes in the standard model based on publicly verifiable CCA-secure public key encryption. International Journal of Information and Communication Technology 7:2/3, pp. 235-246. DOI: 10.1504/IJICT.2015.068388. Online publication date: 1-Apr-2015
  • (2014) Interactive Encryption and Message Authentication. Security and Cryptography for Networks, pp. 494-513. DOI: 10.1007/978-3-319-10879-7_28. Online publication date: 2014
  • (2013) Yet Another Way to Construct Digital Signature in the Standard Model. Proceedings of the 2013 5th International Conference on Intelligent Networking and Collaborative Systems, pp. 430-433. DOI: 10.1109/INCoS.2013.80. Online publication date: 9-Sep-2013
  • (2012) A revised enhanced short signature scheme with hybrid problems. 2012 IEEE International Conference on Computer Science and Automation Engineering (CSAE), pp. 662-666. DOI: 10.1109/CSAE.2012.6272680. Online publication date: May-2012
  • (2012) Generalized first pre-image tractable random oracle model and signature schemes. Proceedings of the 17th Australasian conference on Information Security and Privacy, pp. 247-260. DOI: 10.1007/978-3-642-31448-3_19. Online publication date: 9-Jul-2012
  • (2010) Optimal error correction for computationally bounded noise. IEEE Transactions on Information Theory 56:11, pp. 5673-5680. DOI: 10.1109/TIT.2010.2070370. Online publication date: 1-Nov-2010
  • (2010) A Brief Introduction to Certificateless Encryption Schemes and Their Infrastructures. Public Key Infrastructures, Services and Applications, pp. 1-16. DOI: 10.1007/978-3-642-16441-5_1. Online publication date: 2010
  • (2009) A brief introduction to certificateless encryption schemes and their infrastructures. Proceedings of the 6th European conference on Public key infrastructures, services and applications, pp. 1-16. DOI: 10.5555/1927830.1927832. Online publication date: 10-Sep-2009
  • (2009) Folklore, practice and theory of robust combiners. Journal of Computer Security 17:2, pp. 159-189. DOI: 10.5555/1544133.1544135. Online publication date: 1-Apr-2009
