## A digital signature scheme secure against adaptive chosen-message attacks (1988)

### Cached

### Download Links

- [theory.lcs.mit.edu]
- [people.csail.mit.edu]
- [people.csail.mit.edu]
- [www.infosec.pku.edu.cn]
- DBLP

### Other Repositories/Bibliography

Venue: | SIAM Journal on Computing |

Citations: | 829 - 47 self |

### BibTeX

@ARTICLE{Goldwasser88adigital,

author = {Shafi Goldwasser and Silvio Micali and Ronald L. Rivest},

title = {A digital signature scheme secure against adaptive chosen-message attacks},

journal = {SIAM Journal on Computing},

year = {1988},

volume = {17},

pages = {281--308}

}

### Years of Citing Articles

### OpenURL

### Abstract

We present a digital signature scheme based on the computational difficulty of integer factorization. The scheme possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice (where each message may be chosen in a way that depends on the signatures of previously chosen messages) can not later forge the signature of even a single additional message. This may be somewhat surprising, since the properties of having forgery being equivalent to factoring and being invulnerable to an adaptive chosen-message attack were considered in the folklore to be contradictory. More generally, we show how to construct a signature scheme with such properties based on the existence of a “claw-free ” pair of permutations – a potentially weaker assumption than the intractibility of integer factorization. The new scheme is potentially practical: signing and verifying signatures are reasonably fast, and signatures are compact.