
Reactively secure signature schemes

International Journal of Information Security

Abstract

Protocols for problems like Byzantine agreement, clock synchronization, or contract signing often use digital signatures as the only cryptographic operation. Proofs of such protocols are frequently based on an idealizing “black-box” model of signatures. We show that the standard cryptographic security definition for digital signatures is not sufficient to ensure that such proofs are still valid if the idealized signatures are implemented with real, provably secure signatures.

We propose a definition of signature security suitable for general reactive, asynchronous environments, called reactively secure signature schemes, and prove that, for signature schemes where signing just depends on a counter as state, the standard security definition implies our definition.

We further propose an idealization of digital signatures that can be used in a reactive and composable fashion, and we show that reactively secure signature schemes constitute a secure implementation of our idealization.



Corresponding author

Correspondence to Michael Backes.

Cite this article

Backes, M., Pfitzmann, B. & Waidner, M. Reactively secure signature schemes. Int J Inf Secur 4, 242–252 (2005). https://doi.org/10.1007/s10207-004-0062-8
