Security notions for stateful signature schemes

Abstract

In some digital signature schemes, the signer needs to maintain a dynamic state while signing messages. These are called stateful signature schemes. Although stateful signature schemes are commonly used as cryptographic primitives, they do not fit the standard definition of a signature scheme in cryptography. In this work, formal and general definitions for stateful signature schemes are given. In the definitions of security notions, various scenarios are considered where the adversaries have different levels of control over the signing oracle in terms of messages and states. After that, generic constructions of stateful signature schemes with different security levels are provided. In addition, some black-box constructions of stateful signature schemes that can be instantiated by primitives under any assumptions are given. Note that the constructions in this work are proven to be secure in standard models.