A short fail-stop signature scheme from factoring

Abstract

Fail-stop signature (FSS) is information theoretically secure digital signature in the sense that even if a signature is forged, the signer can prove the forgery with overwhelming probability. There are many known constructions of FSS schemes based on various assumptions. Among them, factoring-based schemes are important due to their high reliability. However, known factoring-based FSS schemes generally suffer from their large signature sizes, which are larger than |N|, where |N| is the length of an underlying composite number. In this paper, we propose a new factoring-based FSS scheme. For this purpose, we propose a variant of the generic construction of FSS schemes based on a bundling homomorphism. Specifically, we introduce a notion of a collision resistant group generator, which can be seen as a variant of a bundling homomorphism, and propose a generic construction of FSS schemes based on it. Then we propose a construction of a collision resistant group generator based on the factoring assumption. This yields the first factoring-based FSS scheme whose signature size is smaller than |N|.