Security of Digital Signature Schemes in Weakened Random Oracle Models.

Security of Digital Signature Schemes in Weakened Random Oracle Models 269 PÖ Ú ÓÙ× ÛÓÖ ×. ... We study the security of the full domain hash signature scheme, as well as three variants thereof in the weakened random oracle models, leading to a separation result. ... We mention some of these in the concluding remarks. ...

doi:10.1007/978-3-540-78440-1_16 dblp:conf/pkc/NumayamaIT08 fatcat:flzfe2kp65bbhpyr2sgdzianha

Weakened random oracle models (WROMs) are variants of the random oracle model (ROM). The WROMs have the random oracle and the additional oracle which breaks some property of a hash function. ... In particular, we focus on signature schemes such as RSA-FDH, its variants, and DSA, in order to understand essential roles of WROMs in their security proofs. ... A part of this work was supported by Input Output Hong Kong, Nomura Research Institute, NTT Secure Platform Laboratories, Mitsubishi Electric, I-System, JST CREST JPMJCR14D6, JST OPERA, and JSPS KAKENHI ...

arXiv:2107.05411v1 fatcat:66m2rfgoubcmzhv7jhao3fgy7e

Application-level firewall used for inward message authentication in a LAN The Problem In a LAN secured with a firewall, this standard use of public key cryptographic techniques for secure communication ... Most widely used digital signature schemes require access to the signed text for signature verification (schemes with appendix such as DSA [17] , ElGamal [11, 12] or Schnorr [27, 28] ) or recover the message ... The chosen message attack is modeled by allowing A to query Σ as an oracle. We summarize the discussion on digital signature security in the random oracle model with the following two definitions. ...

doi:10.1007/3-540-49162-7_6 fatcat:zj4smttvuzbd5dmkkswhjh2ude

It is also worth noting that our scheme is the most efficient one in the standard model, and offers comparable efficiency against those secure under the random oracle model. ... It is also worth noting that our scheme is the most efficient one in the standard model, and offers comparable efficiency against those secure under the random oracle model. ... Most proposed OFE schemes are proven secure in the random oracle model [16] , in which a hash function is treated as a random function and all users have oracle access to this random function. ...

doi:10.1109/tifs.2014.2354986 fatcat:blas76uwb5hs3ar5kzlmdwz3hi

We give a concrete proposition named OPSSR that achieves the lower bound for message expansion, and give an exact security proof of the scheme in the ideal cipher model. ... We study how digital signature schemes can generate signatures as short as possible, in particular in the case where partial message recovery is allowed. ... The random oracle model is widely used in the literature, the ideal cipher model and the generic group model have been used for proving the security of some specific schemes. ...

doi:10.1007/3-540-36178-2_23 fatcat:joe4wwtwenb5tcypj57yap7w2q

Trapdoor commitment schemes are widely used for adding valuable properties to ordinary signatures or enhancing the security of weakly secure signatures. ... In this letter, we propose a trapdoor commitment scheme based on RSA function, and prove its security under the hardness of the integer factoring. ... Due to the efficiency of computing a commitment, the conversion is also efficient. A weakness of our scheme is that its security is proved in the random oracle model. ...

doi:10.1587/transinf.e92.d.2520 fatcat:gfxqrjlsyrezhgh2jfkpvrov3u

Digital Signature is a basic cryptographic primitive. Security of signature scheme has been studied for decades. ... Furthermore, we extend the generic construction and present a construction of secure digital signature schemes from tag-based adaptive trapdoor function. ... Acknowledgments This work was supported by the National Natural Science Foundation of China (No. 61872152, 61472146). ...

doi:10.22667/jisis.2019.05.31.031 dblp:journals/jisis/WangXMLH19 fatcat:pwdc7t2lczhp3gerqtnlgpotku

DOAJ

Thus, the resulting confirmer signatures can be only proven secure in the random oracle model (ROM), inheriting this property from the use of the Fiat-Shamir paradigm, which constitutes their major shortcoming ... The result proposes a construction of confirmer signatures from digital signatures, public key encryption, bit-commitment schemes and pseudo-random functions. ... or the results in [41, 39] which show that some well known signatures, which are proven secure in the random oracle, cannot conserve the same security in the standard model. ...

doi:10.1007/978-3-642-10628-6_23 fatcat:dlwvqylb4rhvlj5z5rebhfr5p4

We propose the first universal designated verifier signature (UDVS) scheme whose security can be proven without random oracles, whereas the security of all previously known UDVS schemes are proven only ... To achieve our goal, we present a new short signature scheme without random oracles, which is a variant of BB04 scheme [4] . We also give new security definitions to UDVS. ... Security of BLS01 scheme was based on Gap Diffie-Hellman assumption in random oracle model [8, 3] . ...

doi:10.1007/11496137_33 fatcat:eturammnznbfja4l4zu5acu62i

A second proof is given, in which the random oracle model is replaced by the generic group model. ... A third proof permits the cipher to be XOR, by working in both the random oracle model and the generic group model. ... The random oracle paradigm asserts that "secure hash functions", such as SHA-1, can securely replace random oracles in cryptographic schemes that are secure in the random oracle model. ...

doi:10.1007/3-540-45353-9_11 fatcat:yczqo5e2mnbkbkywxuh3nxlr7i

Keywords: Identity-based encryption, digital signatures, random oracle model, extremely lossy functions, provable security. ... This includes the first constructions of identity-based key encapsulation mechanisms (ID-KEMs) and digital signatures over bilinear groups with full adaptive security and without random oracles, where ... Introduction The random oracle model (ROM) [BR93] is often used to analyze the security of cryptosystems in a hypothetical setting, where a cryptographic hash function is modeled as an oracle that implements ...

doi:10.1007/978-3-030-03329-3_8 fatcat:5pfjqsku5fcgbbn55a52s45p4i

Generic constructions of designated confirmer signatures follow one of the following two strategies; either produce a digital signature on the message to be signed, then encrypt the resulting signature ... We study the second strategy by determining the exact security property needed in the encryption to achieve secure constructions. ... Next, A produces a digital signature σ ′ on c ′ (this is possible in the insider security model) and queries the conversion oracle on (e, c ′ , σ ′ ) and the message k; if the oracle answers r =⊥, then ...

doi:10.1007/978-3-642-16280-0_6 fatcat:fassfvynyzfybb7ei3exztvmme

Most prior designated confirmer signature schemes either prove security in the random oracle model (ROM) or use general zeroknowledge proofs for NP statements (making them impractical). ... In this paper, we provide an alternate generic transformation to convert any signature scheme into a designated confirmer signature scheme, without adding random oracles. ... We thank Jan Camenisch for answering our questions regarding Schnorr designated confirmer signatures. We also thank the anonymous referees for useful comments. ...

doi:10.1007/11593447_36 fatcat:ae2l5onoprcopo7oyif3r35uyi

We introduce stronger notions of security for encryption and signatures, where challenge messages can depend in a restricted way on the random coins used in encryption, and show that two variants of the ... We obtain a very efficient signcryption scheme that is secure against insider attackers without random oracles. ... The authors would like to thank Nigel Smart and the anonymous ACNS'12 reviewers for helping to improve the quality of the paper. ...

doi:10.1007/978-3-642-31284-7_13 fatcat:6w5ppsu2rrhrlakjrpv3m33tiq

We also introduce and define a new security notion of Weak-IND-CCA2, a slightly weakened adaptation of the IND-CCA2 security model for signcryption schemes and prove that RSA-TBOS-PRE is secure in this ... We show the non-repudiability of our scheme in this model. ... Acknowledgements The authors would like to thank an anonymous referee for pointing out the work done in [16] . ...

doi:10.1145/1456520.1456531 dblp:conf/drm/KirtaneR08 fatcat:iziaoirr5rcxxlrfqgfd4zycja

Security of Digital Signature Schemes in Weakened Random Oracle Models [chapter]

Preserved Fulltext

Weakened Random Oracle Models with Target Prefix [article]

Preserved Fulltext

Encrypted Message Authentication by Firewalls [chapter]

Preserved Fulltext

Revisiting Optimistic Fair Exchange Based on Ring Signatures

Preserved Fulltext

Short Signatures in the Random Oracle Model [chapter]

Preserved Fulltext

Efficient Trapdoor Commitment as Secure as Factoring with Useful Properties

Preserved Fulltext

Signature Scheme from Trapdoor Functions

Preserved Fulltext

On Generic Constructions of Designated Confirmer Signatures [chapter]

Preserved Fulltext

Short Signature and Universal Designated Verifier Signature Without Random Oracles [chapter]

Preserved Fulltext

Formal Security Proofs for a Signature Scheme with Partial Message Recovery [chapter]

Preserved Fulltext

Short Digital Signatures and ID-KEMs via Truncation Collision Resistance [chapter]

Preserved Fulltext

Efficient Confirmer Signatures from the "Signature of a Commitment" Paradigm [chapter]

Preserved Fulltext

Efficient Designated Confirmer Signatures Without Random Oracles or General Zero-Knowledge Proofs [chapter]

Preserved Fulltext

On the Joint Security of Signature and Encryption Schemes under Randomness Reuse: Efficiency and Security Amplification [chapter]

Preserved Fulltext

RSA-TBOS signcryption with proxy re-encryption

Preserved Fulltext