Public key signatures in the multi-user setting

doi:10.1016/S0020-0190(01)00338-6

Information Processing Letters

Volume 83, Issue 5, 15 September 2002, Pages 263-266

https://doi.org/10.1016/S0020-0190(01)00338-6 Get rights and content

Abstract

This paper addresses the security of public key signature schemes in a “multi-user” setting. We bound the advantage of an adversary in producing an existential forgery on any one of a set of target public keys by the advantage of an adversary in producing an existential forgery on a single public key for any public key signature algorithm. We then improve the concrete security of this general reduction for certain specific discrete logarithm based signature algorithms such as that of Schnorr.

References (6)

M. Bellare et al.
Public-key encryption in a multi-user setting: Security proofs and improvements
M. Bellare et al.
The exact security of digital signatures—How to sign with RSA and Rabin
R. Cramer et al.
A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack

There are more references available in the full text version of this article.

Cited by (41)

Generalized public-key cryptography with tight security
2019, Information Sciences
Citation Excerpt :
The models consider more realistic threats in practice, where the adversary receives multiple public keys and chooses one as the challenge public key. The security models of signature and public-key encryption (PKE) schemes in the multi-user setting were introduced in [13] and [7], respectively. The security models in the multi-user setting with corruptions (MU-C) give the adversary more powerful capabilities.
Tightly secure public-key cryptographic schemes enjoy the advantage that the selection of the security parameter can be optimal to achieve a certain security level. Security models in the multi-user setting with corruptions (MU-C) consider more realistic threats in practice. Many efforts have been devoted to constructing tightly MU-C secure schemes. To date, we have many concrete constructions. Nevertheless, the study on how to generally achieve tight security in public-key cryptography remains lacking.
In this paper, we take an insight into the key generations in public-key cryptography. We first generalize the key generation algorithms of traditional schemes and discuss the requirements of achieving tight security. We notice that for some schemes (e.g. key-unique schemes), these requirements inherently cannot be satisfied and hence these schemes cannot achieve tight security. This is in accordance with the impossibility results of tight reductions by Bader et al. (EUROCRYPT 2016). To further study possible constructions, we extend the key generations of public-key cryptographic schemes to obtain a different framework. To demonstrate its applications, we illustrate how to construct tightly secure key-unique schemes under the extended framework. This circumvents the impossibility results of tight security for key-unique schemes.
Tightly secure signature schemes from the LWE and subset sum assumptions
2019, Theoretical Computer Science
In this paper, we study how to construct tightly secure signature scheme against adaptive chosen message attacks in the multi-user setting (i.e., tightly euf-m-cma secure signature) from the learning with errors (LWE) assumptions. More precisely, we propose a modular framework of euf-m-cma secure signature from a weak partial one-time signature (POS) scheme that is secure only against random message attacks in the multi-user setting (i.e., euf-m-rma secure) and possesses imperfect correctness. By instantiating the weak POS with the LWE assumption, we obtain the first LWE-based tightly euf-m-cma secure signature scheme in the multi-user setting. Moreover, we also present an instantiation of the weak POS based on the Subset Sum (SS) assumption, and again we obtain the first almost tightly euf-cma secure signature scheme from the SS assumption in the single-user setting. All our security reductions are tight and without random oracles.
A generic construction of tightly secure signatures in the multi-user setting
2019, Theoretical Computer Science
In this paper, we present a generic construction of tightly secure signature schemes in the multi-user setting, which is in turn used to construct tightly secure identity-based signature schemes. Both of the securities of the constructions are based on the hardness of some subset membership problems (SMP). By instantiating SMP with the Decisional Composite Residuosity (DCR) and Matrix Decisional Diffie–Hellman (MDDH) problems, we obtain tightly secure signature schemes and tightly secure identity-based signatures based on the DCR and MDDH assumptions, respectively.
Efficient multi-party concurrent signature from lattices
2016, Information Processing Letters
Citation Excerpt :
Owing to the feature, concurrent signature schemes are useful in some actual settings including contract signing. Along with the work of Chen et al., some related researches are proposed in recent years [2–12], the above work mainly consists of two-user setting or multi-user setting. Mu et al. [2] and Chow et al. [3] proposed two perfect concurrent signature schemes.
Concurrent signature is a novel paradigm, which can achieve fair exchange of signatures between users. Since its appearance, the topic has been widely concerned, while the study of concurrent signature in multi-user setting suffers from some criticism. Almost all known multi-user concurrent signature schemes rely on the hardness assumptions that is insecure against quantum analysis. Furthermore, most of multi-party concurrent signature (MCS) schemes are lacking of formal security models. In the paper, in the random oracle model, we propose a construction of lattice-based MCS scheme and prove its security under the hardness of the small integer solution (SIS) problem. Since our proposed scheme is based on the lattice assumptions, which is believed to be quantum-resistant, the mathematical properties make our scheme simpler and more flexible.
Limits in the Provable Security of ECDSA Signatures
2023, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Security Analysis of RSA-BSSA
2023, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

View all citing articles on Scopus

View full text

Public key signatures in the multi-user setting

Abstract

Public-key encryption in a multi-user setting: Security proofs and improvements

The exact security of digital signatures—How to sign with RSA and Rabin

A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack