The One-More-RSA-Inversion Problems and the Security of Chaum’s Blind Signature Scheme
Journal of Cryptology, 2003
Cited by 74 (5 self)
Abstract. We introduce a new class of computational problems which we call the "one-more-RSA-inversion" problems. Our main result is that two problems in this class, which we call the chosen-target and known-target inversion problems respectively, have polynomially-equivalent computational complexity. We show how this leads to a proof of security for Chaum's RSA-based blind signature scheme in the random oracle model based on the assumed hardness of either of these problems. We define and prove analogous results for "one-more-discrete-logarithm" problems. Since the appearance of the preliminary version of this paper, the new problems we have introduced have found other uses as well.
Constructing fair exchange protocols for e-commerce via distributed computation of RSA signatures
in PODC 2003, 2003
Cited by 29 (1 self)
Applications such as e-commerce payment protocols, electronic contract signing, and certified email delivery require that fair exchange be assured. A fair-exchange protocol allows two parties to exchange items in a fair way so that either each party gets the other's item, or neither party does. We describe a novel method of constructing very efficient fair-exchange protocols by distributing the computation of RSA signatures. Specifically, we employ multisignatures based on the RSA-signature scheme. To date, the vast majority of fair-exchange protocols require the use of zero-knowledge proofs, which is the most computationally intensive part of the exchange protocol. Using the intrinsic features of our multisignature model, we construct protocols that require no zero-knowledge proofs in the exchange protocol. Use of zero-knowledge proofs is needed only in the protocol setup phase; this is a one-time cost. Furthermore, our scheme uses multisignatures that are compatible with the underlying standard (single-signer) signature scheme, which makes it possible to readily integrate the fair-exchange feature with existing e-commerce systems.
Proactive Two-Party Signatures for User Authentication
Proc. 10th Annual Network and Distributed System Security Symposium (NDSS’03), The Internet Society, 2003
Cited by 15 (2 self)
We study proactive two-party signature schemes in the context of user authentication. A proactive two-party signature scheme (P2SS) allows two parties, the client and the server, jointly to produce signatures and periodically to refresh their sharing of the secret key. The signature generation remains secure as long as both parties are not compromised between successive refreshes. We construct the first such proactive scheme based on the discrete log assumption by efficiently transforming Schnorr's popular signature scheme into a P2SS. We also extend our technique to the signature scheme of Guillou and Quisquater (GQ), providing two practical and efficient P2SSs that can be proven secure in the random oracle model under standard discrete log or RSA assumptions.
Fine-Grained Control of Security Capabilities
ACM Transactions on Internet Technology, 2004
Cited by 15 (2 self)
We present a new approach for fine-grained control over users' security privileges (fast revocation of credentials) centered around the concept of an online semi-trusted mediator (SEM). The use of a SEM in conjunction with a simple threshold variant of the RSA cryptosystem (mediated RSA) offers a number of practical advantages over current revocation techniques. The benefits include simplified validation of digital signatures, efficient certificate revocation for legacy systems and fast revocation of signature and decryption capabilities. This paper discusses both the architecture and the implementation of our approach as well as its performance and compatibility with the existing infrastructure. Experimental results demonstrate its practical aspects.
An Abuse-Free Fair Contract Signing Protocol Based on the RSA Signature
2005
Cited by 10 (1 self)
A fair contract signing protocol allows two potentially mistrusted parties to exchange their commitments (i.e., digital signatures) to an agreed contract over the Internet in a fair way, so that either each of them obtains the other's signature, or neither party does. Based on the RSA signature scheme, a new digital contract signing protocol is proposed in this paper. Like the existing RSA-based solutions for the same problem, our protocol is not only fair, but also optimistic, since the third trusted party is involved only in the situations where one party is cheating or the communication channel is interrupted. Furthermore, the proposed protocol satisfies a new property, i.e., it is abuse-free. That is, if the protocol is executed unsuccessfully, none of the two parties can show the validity of intermediate results to others. Technical details are provided to analyze the security and performance of the proposed protocol. In summary, we present the first abuse-free fair contract signing protocol based on the RSA signature, and show that it is both secure and efficient.
Separation Results on the “One-More” Computational Problems
Cited by 6 (0 self)
the notion of “one-more” computational problems. Since their introduction, these problems have found numerous applications in cryptography. For instance, Bellare et al. showed how they lead to a proof of security for Chaum’s RSA-based blind signature scheme in the random oracle model. In this paper, we provide separation results for the computational hierarchy of a large class of algebraic “one-more” computational problems (e.g. the one-more discrete logarithm problem, the one-more RSA problem and the one-more static Computational Diffie-Hellman problem in a bilinear setting). We also give some cryptographic implications of these results and, in particular, we prove that it is very unlikely that one will ever be able to prove the unforgeability of Chaum’s RSA-based blind signature scheme under the sole RSA assumption. Keywords: “One-more” problems, Black-box reductions, Random self-reducible problems, Algebraic algorithms.
Practical Digital Signature Generation using
Abstract. It is desirable to generate a digital signature using biometrics but not practicable because of its inaccurate measuring and potential hill-climbing attacks, without using specific hardware devices that hold signature keys or biometric templates securely. We study a simple practical method for biometrics-based digital signature generation without such restriction, by exploiting the existing tools in software in our proposed model where a general digital signature such as RSA can be applied without losing its security.