Abstract
In many real-life situations, massive quantities of signatures have to be issued on cheap passive supports (e.g. paper-based) such as bank-notes, badges, ID cards, driving licenses or passports (hereafter IDs); while large-scale ID replacements are costly and prohibitive, one may reasonably assume that the updating of verification equipment (e.g. off-line border checkpoints or mobile patrol units) is exceptionally acceptable.
In such a context, an attacker using coercive means (e.g. kidnapping) can force the system authorities to reveal the infrastructure’s secret signature keys and start issuing signatures that are indistinguishable from those issued by the authority.
The solution presented in this paper withstands such attacks up to a certain point: after the theft, the authority restricts the verification criteria (by an exceptional verification equipment update) in such a way that the genuine signatures issued before the attack become easily distinguishable from the fresher signatures issued by the attacker.
Needless to say, we assume that at any point in time the verification algorithm is entirely known to the attacker.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Naccache, D., Pointcheval, D., Tymen, C. (2002). Monotone Signatures. In: Syverson, P. (eds) Financial Cryptography. FC 2001. Lecture Notes in Computer Science, vol 2339. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46088-8_24
DOI: https://doi.org/10.1007/3-540-46088-8_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44079-6
Online ISBN: 978-3-540-46088-6
eBook Packages: Springer Book Archive