Filters








46 Hits in 4.3 sec

Tightly-Secure Signatures from Chameleon Hash Functions [chapter]

Olivier Blazy, Saqib A. Kakvi, Eike Kiltz, Jiaxin Pan
2015 Lecture Notes in Computer Science  
} ∧ spk = spk i for some i Signatures Define signature := (path,σ 1 , . . . , σ L ) Verify: • Check if (σ 1 , . . . , σ L ) are valid two-tier signatures on path Tight Sign from CHF|Horst Görtz Institute  ...  for IT-Security|NIST, Maryland|PKC 2015 24/30 Tight Sign from CHF|Horst Görtz Institute for IT-Security|NIST, Maryland|PKC 2015 27/30 spk) Adversary wins: TTVer(ppk, spk, M, σ) = 1 ∧ M / ∈ {M 1 Adversary  ... 
doi:10.1007/978-3-662-46447-2_12 fatcat:gmll6i2oq5amtnapagw4rb3r2i

Tight Security for Signature Schemes Without Random Oracles

Sven Schäge
2013 Journal of Cryptology  
We present the first tight security proofs for two general classes of Strong RSA (SRSA) based signature schemes.  ...  In contrast to previous proofs, our security reduction does not lose a factor of q here, where q is the number of signature queries made by the adversary.  ...  Then, we prove the combining signature scheme and the chameleon hash scheme to be tightly secure under the SRSA assumption when instantiated with any secure combining function, respectively chameleon hash  ... 
doi:10.1007/s00145-013-9173-6 fatcat:xvqby5svf5ashedbyuowdckcom

An Efficient CDH-Based Signature Scheme with a Tight Security Reduction [chapter]

Benoît Chevallier-Mames
2005 Lecture Notes in Computer Science  
They also remarked that EDL can be turned into an off-line/on-line signature scheme using the technique of Shamir and Tauman, based on chameleon hash functions.  ...  In this paper, we propose a new signature scheme that also has a tight security reduction to CDH but whose resulting signatures are smaller than EDL signatures.  ...  of [ST01] based on chameleon hash functions [KR00] to transform this signature into a signature with coupons, what we will call EDL-CH in the sequel.  ... 
doi:10.1007/11535218_31 fatcat:flb5xc5gynh2lnmynoy6gxcmpq

Improving security of q-SDH based digital signatures

Fuchun Guo, Yi Mu, Willy Susilo
2011 Journal of Systems and Software  
We also propose a new approach to construct fully secure signatures from weakly secure signature against known-message attacks.  ...  We propose a new digital signature scheme that can tightly reduce the security to the proposed assumption in the standard model.  ...  The security transformation incorporates the chameleon hash function [18, 19] .  ... 
doi:10.1016/j.jss.2011.05.023 fatcat:2gmjgzkhqvasvenrmf6xizjn5m

Tight Proofs for Signature Schemes without Random Oracles [chapter]

Sven Schäge
2011 Lecture Notes in Computer Science  
We present the first tight security proofs for two general classes of Strong RSA based signature schemes.  ...  proven secure under the SDH assumption.  ...  Then, we prove the combining signature scheme and the chameleon hash scheme to be tightly secure under the SRSA assumption when instantiated with any secure combining function, respectively chameleon hash  ... 
doi:10.1007/978-3-642-20465-4_12 fatcat:myl6mi6s7jeuzdvik7j2bzql5e

A Practical and Tightly Secure Signature Scheme Without Hash Function [chapter]

Benoît Chevallier-Mames, Marc Joye
2006 Lecture Notes in Computer Science  
In this paper, we revisit the GHR signature scheme and completely remove the extra assumption made on the hash functions without relying on injective prime mappings.  ...  The security of the GHR scheme and of its twinning-based variant are shown to be tightly based on the flexible RSA problem but additionally (i) either assumes the existence of division-intractable hash  ...  Clearly, the chameleon hash function could be of different nature: for a joint use with GHR scheme, most interesting cases are certainly chameleon hash functions based on RSA or factorization problems  ... 
doi:10.1007/11967668_22 fatcat:t4ewfbm3y5awbplfcajkytyp6m

New Signature Schemes with Coupons and Tight Reduction [chapter]

Benoît Chevallier-Mames
2005 Lecture Notes in Computer Science  
This paper introduces a new generic signature scheme based on any zero-knowledge identification protocol Z and signature scheme S verifying basic security properties.  ...  scheme are secure.  ...  Acknowledgements The author would like to thank his careful PhD advisor, David Pointcheval (ENS-CNRS), for teaching him so much about provable security. Many thanks  ... 
doi:10.1007/11496137_35 fatcat:maqacwgnlbb4rpjhiva6xkct5a

Chameleon-Hashes with Dual Long-Term Trapdoors and Their Applications [chapter]

Stephan Krenn, Henrich C. Pöhls, Kai Samelin, Daniel Slamanig
2018 Lecture Notes in Computer Science  
Definition 5 (Secure Chameleon-Hashes). A chameleon-hash CH is secure, if it is correct, indistinguishable, and collision-resistant.  ...  A chameleon-hash behaves likes a standard collision-resistant hash function for outsiders. If, however, a trapdoor is known, arbitrary collisions can be found.  ...  Introduction Standard chameleon-hashes have proven to be useful in very different areas such as on/offline signatures [28, 33, 57] , (tightly) secure signatures [14, 44, 51] , but also sanitizable signature  ... 
doi:10.1007/978-3-319-89339-6_2 fatcat:bvkvzn4cbzebxgtpdytjjdkg4a

General Conversion for Obtaining Strongly Existentially Unforgeable Signatures

I. TERANISHI, T. OYAMA, W. OGATA
2008 IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences  
This second conversion also uses a chameleon commitment scheme but only requires the key only attack security for it. key words: signature scheme, strong unforgeability, standard model, chameleon commitment  ...  We define the chosen message security notion for the chameleon commitment scheme, and show that the signature scheme transformed by our proposed conversion satisfies the SEU property if the chameleon commitment  ...  Definition 2.7 (Collision Resistant Hash Function). Let κ be a security parameter and Let {H κ } be a family of functions H = H κ : {0, 1} * → {0, 1} κ named hash functions.  ... 
doi:10.1093/ietfec/e91-a.1.94 fatcat:chgu6gtyujdh3a54mb3i736baq

General Conversion for Obtaining Strongly Existentially Unforgeable Signatures [chapter]

Isamu Teranishi, Takuro Oyama, Wakaha Ogata
2006 Lecture Notes in Computer Science  
This second conversion also uses a chameleon commitment scheme but only requires the key only attack security for it. key words: signature scheme, strong unforgeability, standard model, chameleon commitment  ...  We define the chosen message security notion for the chameleon commitment scheme, and show that the signature scheme transformed by our proposed conversion satisfies the SEU property if the chameleon commitment  ...  Definition 2.7 (Collision Resistant Hash Function). Let κ be a security parameter and Let {H κ } be a family of functions H = H κ : {0, 1} * → {0, 1} κ named hash functions.  ... 
doi:10.1007/11941378_14 fatcat:y3jdxebidfhltnvlmipikwljqm

All-But-Many Lossy Trapdoor Functions from Lattices and Applications [chapter]

Xavier Boyen, Qinyi Li
2017 Lecture Notes in Computer Science  
Our second result is a public-key system tightly secure against "selective opening" attacks, where an attacker gets many challenges and can ask to see the random bits of any of them.  ...  Unlike the previous schemes which behaved as "encrypted signatures", the core of our construction is an "encrypted, homomorphic-evaluation-friendly, weak pseudorandom function".  ...  Let CH = (CH.Gen, CH.Eval, CH.Equiv) be a secure chameleon hash function.  ... 
doi:10.1007/978-3-319-63697-9_11 fatcat:pmo3lrzhznfe7nftg5qgrj3nhm

Strong Security from Probabilistic Signature Schemes [chapter]

Sven Schäge
2012 Lecture Notes in Computer Science  
It is well-known that, using chameleon hash functions, the resulting weakly secure scheme can then be turned into a fully secure one.  ...  We introduce a new and very weak security notion for signature schemes called target randomness security.  ...  We stress that most chameleon hash function are also secure in this strong sense.  ... 
doi:10.1007/978-3-642-30057-8_6 fatcat:jmtuxig7czbbnj32cp75oc73j4

Lossy Algebraic Filters with Short Tags [chapter]

Benoît Libert, Chen Qian
2019 Lecture Notes in Computer Science  
As a second contribution, we show how to modify our scheme so as to prove it (almost) tightly secure, meaning that security reductions are not affected by a concrete security loss proportional to the number  ...  Lossy algebraic filters (LAFs) are function families where each function is parametrized by a tag, which determines if the function is injective or lossy.  ...  Chameleon Hash Functions A chameleon hash function [32] is a tuple of algorithms CMH = (CMKg, CMhash, CMswitch) which contains an algorithm CMKg that, given a security parameter 1 λ , outputs a key pair  ... 
doi:10.1007/978-3-030-17253-4_2 fatcat:acteh75bjberlapiob7r2q4yj4

Adaptive Oblivious Transfer and Generalization [chapter]

Olivier Blazy, Céline Chevalier, Paul Germouty
2016 Lecture Notes in Computer Science  
Our approach generalizes Oblivious Signature-Based Envelope, to handle more expressive credentials and requests from the user.  ...  Recent Oblivious Transfer instantiations secure in the UC framework suffer from a drastic fallback.  ...  Chameleon- Hash We first extend the Pedersen commitment, to obtain a compatible verifiable Chameleon Hash functions:-KeyGen(K): Outputs the chameleon hash key ck 1 = F $ ← D k and the trapdoor tk = F ·  ... 
doi:10.1007/978-3-662-53890-6_8 fatcat:hqptla6mpfgrlpz3uopbal3sc4

Strongly Unforgeable Signatures and Hierarchical Identity-Based Signatures from Lattices without Random Oracles [chapter]

Markus Rückert
2010 Lecture Notes in Computer Science  
Moreover, we show how to directly implement identity-based, and even hierarchical identity-based, signatures (IBS) in the same strong security model without random oracles.  ...  We equip all constructions with strong security proofs based on mild worst-case assumptions on lattices and we also propose concrete security parameters.  ...  The author is indebted to one of the reviewers, who suggested a simplification for demonstrating that the scheme in [12] is not SU-CMA secure.  ... 
doi:10.1007/978-3-642-12929-2_14 fatcat:r2goh4grkzdl5ek6ddhc4llb3e
« Previous Showing results 1 — 15 out of 46 results