Fail-stop signature for long messages

Rei Safavi-Naini, Willy Susilo, Huaxiong Wang

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

4 Citations (Scopus)


Security of ordinary digital signature schemes relies on a computational assumption. Fail-stop signature (FSS) schemes provide security for a signer against a forger with unlimited computational power by enabling the signer to provide a proof of forgery, if it occurs. Signing long messages using FSS requires a hash function with provable security which results in a slow signature generation process. In this paper, we propose a new construction for FSS schemes based on linear authentication codes which does not require a hash function and results in a much faster signing process at the cost of slower verification process, and longer secret key and signature. An important advantage of the scheme is that proof of forgery is the same as a traditional FSS and does not rely on the properties of the hash functions.

Original languageEnglish
Title of host publicationProgress in Cryptology - INDOCRYPT 2000 - 1st International Conference in Cryptology in India, Proceedings
Place of PublicationBerlin ; New York
PublisherSpringer, Springer Nature
Number of pages13
ISBN (Print)3540414525, 9783540414520
Publication statusPublished - 2000
Event1st International Conference in Cryptology in India, INDOCRYPT 2000 - Calcutta, India
Duration: 10 Dec 200013 Dec 2000

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)03029743
ISSN (Electronic)16113349


Other1st International Conference in Cryptology in India, INDOCRYPT 2000


Dive into the research topics of 'Fail-stop signature for long messages'. Together they form a unique fingerprint.

Cite this