Sciweavers

PKC
2007
Springer

Two-Tier Signatures, Strongly Unforgeable Signatures, and Fiat-Shamir Without Random Oracles

14 years 6 months ago
Two-Tier Signatures, Strongly Unforgeable Signatures, and Fiat-Shamir Without Random Oracles
We provide a positive result about the Fiat-Shamir (FS) transform in the standard model, showing how to use it to convert threemove identification protocols into two-tier signature schemes with a proof of security that makes a standard assumption on the hash function rather than modeling it as a random oracle. The result requires security of the starting protocol against concurrent attacks. We can show that numerous protocols have the required properties and so obtain numerous efficient two-tier schemes. Our first application is a two-tier scheme based transform of any unforgeable signature scheme into a strongly unforgeable one. (This extends Boneh, Shen and Waters [8] whose transform only applies to a limited class of schemes.) The second application is new one-time signature schemes that, compared to one-way function based ones of the same computational cost, have smaller key and signature sizes.
Mihir Bellare, Sarah Shoup
Added 09 Jun 2010
Updated 09 Jun 2010
Type Conference
Year 2007
Where PKC
Authors Mihir Bellare, Sarah Shoup
Comments (0)