Security of Signature Schemes in a Multi-User Setting

Designs, Codes and Cryptography

Abstract

This paper initiates the study of the security of signature schemes in the multi-user setting. We argue that the well-accepted notion of security for signature schemes, namely existential unforgeability against adaptive chosen-message attacks, is not adequate for the multi-user setting. We propose an extension of this security notion to the multi-user setting and show that signature schemes proven secure in the single-user setting can, under reasonable constraints, also be proven secure in the multi-user setting.

Cite this article

Menezes, A., Smart, N. Security of Signature Schemes in a Multi-User Setting. Designs, Codes and Cryptography 33, 261–274 (2004). https://doi.org/10.1023/B:DESI.0000036250.18062.3f

  • DOI: https://doi.org/10.1023/B:DESI.0000036250.18062.3f
