An efficient construction for fail-stop signature for long messages

Rei Safavi-Naini; Willy Susilo; Huaxiong Wang

An efficient construction for fail-stop signature for long messages

Rei Safavi-Naini^*, Willy Susilo, Huaxiong Wang

^*Corresponding author for this work

School of Computing

Research output: Contribution to journal › Article › peer-review

5 Citations (Scopus)

Abstract

The security of ordinary digital signature schemes relies on a computational assumption. Fail-stop signature (FSS) schemes provide security for a signer against a forger with unlimited computational power by enabling the signer to provide a proof of forgery, if it occurs. Signing long messages using FSS requires a hash function with provable security which results in slow signature generation. In this paper we propose a new construction for FSS schemes based on linear authentication codes which does not require a hash function, and results in a much faster signature generation at the cost of slower verification, and a longer secret key and signature. An important advantage of the scheme is that the proof of forgery is the same as a traditional FSS and does not rely on the properties of the hash function. The scheme can be used in a distributed setting where signature generation requires collaboration of k signers. The paper concludes with some open problems.

Original language	English
Pages (from-to)	879-898
Number of pages	20
Journal	Journal of Information Science and Engineering
Volume	17
Issue number	6
Publication status	Published - Nov 2001

Keywords

Authentication codes
Fail-stop signature schemes
Linearised polynomials
One-time signature
Threshold signature

Cite this

@article{9fd3e9831cf5489986b382660ebbe6d7,

title = "An efficient construction for fail-stop signature for long messages",

abstract = "The security of ordinary digital signature schemes relies on a computational assumption. Fail-stop signature (FSS) schemes provide security for a signer against a forger with unlimited computational power by enabling the signer to provide a proof of forgery, if it occurs. Signing long messages using FSS requires a hash function with provable security which results in slow signature generation. In this paper we propose a new construction for FSS schemes based on linear authentication codes which does not require a hash function, and results in a much faster signature generation at the cost of slower verification, and a longer secret key and signature. An important advantage of the scheme is that the proof of forgery is the same as a traditional FSS and does not rely on the properties of the hash function. The scheme can be used in a distributed setting where signature generation requires collaboration of k signers. The paper concludes with some open problems.",

keywords = "Authentication codes, Fail-stop signature schemes, Linearised polynomials, One-time signature, Threshold signature",

author = "Rei Safavi-Naini and Willy Susilo and Huaxiong Wang",

year = "2001",

month = nov,

language = "English",

volume = "17",

pages = "879--898",

journal = "Journal of Information Science and Engineering",

issn = "1016-2364",

publisher = "Institute of Information Science",

number = "6",

}

TY - JOUR

T1 - An efficient construction for fail-stop signature for long messages

AU - Safavi-Naini, Rei

AU - Susilo, Willy

AU - Wang, Huaxiong

PY - 2001/11

Y1 - 2001/11

N2 - The security of ordinary digital signature schemes relies on a computational assumption. Fail-stop signature (FSS) schemes provide security for a signer against a forger with unlimited computational power by enabling the signer to provide a proof of forgery, if it occurs. Signing long messages using FSS requires a hash function with provable security which results in slow signature generation. In this paper we propose a new construction for FSS schemes based on linear authentication codes which does not require a hash function, and results in a much faster signature generation at the cost of slower verification, and a longer secret key and signature. An important advantage of the scheme is that the proof of forgery is the same as a traditional FSS and does not rely on the properties of the hash function. The scheme can be used in a distributed setting where signature generation requires collaboration of k signers. The paper concludes with some open problems.

AB - The security of ordinary digital signature schemes relies on a computational assumption. Fail-stop signature (FSS) schemes provide security for a signer against a forger with unlimited computational power by enabling the signer to provide a proof of forgery, if it occurs. Signing long messages using FSS requires a hash function with provable security which results in slow signature generation. In this paper we propose a new construction for FSS schemes based on linear authentication codes which does not require a hash function, and results in a much faster signature generation at the cost of slower verification, and a longer secret key and signature. An important advantage of the scheme is that the proof of forgery is the same as a traditional FSS and does not rely on the properties of the hash function. The scheme can be used in a distributed setting where signature generation requires collaboration of k signers. The paper concludes with some open problems.

KW - Authentication codes

KW - Fail-stop signature schemes

KW - Linearised polynomials

KW - One-time signature

KW - Threshold signature

UR - http://www.scopus.com/inward/record.url?scp=0035520512&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:0035520512

VL - 17

SP - 879

EP - 898

JO - Journal of Information Science and Engineering

JF - Journal of Information Science and Engineering

SN - 1016-2364

IS - 6

ER -

An efficient construction for fail-stop signature for long messages

Abstract

Keywords

Other files and links

Fingerprint

Cite this