AN EFFICIENT EXISTENTIALLY UNFORGEABLE SIGNATURE SCHEME AND ITS APPLICATIONS

Authors
DWORK C NAOR M
Citation
C. Dwork et M. Naor, AN EFFICIENT EXISTENTIALLY UNFORGEABLE SIGNATURE SCHEME AND ITS APPLICATIONS, Journal of cryptology, 11(3), 1998, pp. 187-208
Citations number
32
Categorie Soggetti
Computer Science Theory & Methods",Mathematics,"Computer Science Theory & Methods","Engineering, Eletrical & Electronic",Mathematics
Journal title
Journal of cryptologyACNP
ISSN journal
09332790
Volume
11
Issue
3
Year of publication
1998
Pages
187 - 208
Database
ISI
SICI code
0933-2790(1998)11:3<187:AEEUSS>2.0.ZU;2-P
Abstract
A signature scheme is existentially unforgeable if, given any polynomi al (in the security parameter) number of pairs (m(1), S(m(1))), (m(2), S(m(2))),..., (m(k), S(m(k))), where S(m) denotes the signature on th e message m, it is computationally infeasible to generate a pair (m(k1), S(m(k+1))) for any message m(k+1) is not an element of {m(1),..., m(k)}. We present an existentially unforgeable signature scheme that f or a reasonable setting of parameters requires at most six times the a mount of time needed to generate a signature using ''plain'' RSA (whic h is not existentially unforgeable). We point out applications where o ur scheme is desirable.