We provide a positive result about the Fiat-Shamir (FS) transform in the standard model, showing how to use it to convert threemove identification protocols into two-tier signature schemes with a proof of security that makes a standard assumption on the hash function rather than modeling it as a random oracle. The result requires security of the starting protocol against concurrent attacks. We can show that numerous protocols have the required properties and so obtain numerous efficient two-tier schemes. Our first application is a two-tier scheme based transform of any unforgeable signature scheme into a strongly unforgeable one. (This extends Boneh, Shen and Waters [8] whose transform only applies to a limited class of schemes.) The second application is new one-time signature schemes that, compared to one-way function based ones of the same computational cost, have smaller key and signature sizes. © International Association for Cryptologic Research 2007.
CITATION STYLE
Bellare, M., & Shoup, S. (2007). Two-tier signatures, strongly unforgeable signatures, and Fiat-Shamir without random oracles. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4450 LNCS, pp. 201–216). Springer Verlag. https://doi.org/10.1007/978-3-540-71677-8_14
Mendeley helps you to discover research relevant for your work.