An efficient construction for fail-stop signature for long messages

Rei Safavi-Naini*, Willy Susilo, Huaxiong Wang

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

5 Citations (Scopus)


The security of ordinary digital signature schemes relies on a computational assumption. Fail-stop signature (FSS) schemes provide security for a signer against a forger with unlimited computational power by enabling the signer to provide a proof of forgery, if it occurs. Signing long messages using FSS requires a hash function with provable security which results in slow signature generation. In this paper we propose a new construction for FSS schemes based on linear authentication codes which does not require a hash function, and results in a much faster signature generation at the cost of slower verification, and a longer secret key and signature. An important advantage of the scheme is that the proof of forgery is the same as a traditional FSS and does not rely on the properties of the hash function. The scheme can be used in a distributed setting where signature generation requires collaboration of k signers. The paper concludes with some open problems.

Original languageEnglish
Pages (from-to)879-898
Number of pages20
JournalJournal of Information Science and Engineering
Issue number6
Publication statusPublished - Nov 2001


  • Authentication codes
  • Fail-stop signature schemes
  • Linearised polynomials
  • One-time signature
  • Threshold signature


Dive into the research topics of 'An efficient construction for fail-stop signature for long messages'. Together they form a unique fingerprint.

Cite this