Abstract
The security of ordinary digital signature schemes relies on a computational assumption. Fail-stop signature (FSS) schemes provide security for a signer against a forger with unlimited computational power by enabling the signer to provide a proof of forgery, if it occurs. Signing long messages using FSS requires a hash function with provable security which results in slow signature generation. In this paper we propose a new construction for FSS schemes based on linear authentication codes which does not require a hash function, and results in a much faster signature generation at the cost of slower verification, and a longer secret key and signature. An important advantage of the scheme is that the proof of forgery is the same as a traditional FSS and does not rely on the properties of the hash function. The scheme can be used in a distributed setting where signature generation requires collaboration of k signers. The paper concludes with some open problems.
Original language | English |
---|---|
Pages (from-to) | 879-898 |
Number of pages | 20 |
Journal | Journal of Information Science and Engineering |
Volume | 17 |
Issue number | 6 |
Publication status | Published - Nov 2001 |
Keywords
- Authentication codes
- Fail-stop signature schemes
- Linearised polynomials
- One-time signature
- Threshold signature