We present a digital signature scheme based on the computational diculty of integer factorization. The scheme possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice (where each message may be chosen

Abstract. The main contribution of this paper is to modify Bellare and Neven’s definition on undirected transitive signatures by explicitly introducing node signing and edge signing algorithms. In our model, a signing algorithm defined over a transitive graph consists of a pair of separate vertex signing algorithm and edge signing algorithm. We allow the vertex signing algorithm and the edge signing algorithm to share the state information of the transitive graph. The new model allows us to talk more easily about its security and extensions. In fact, the new model has been successfully applied to further study on directed graph authentication problem by Hohenberger [5] and Molnar [6] respectively. Finally, a concrete undirected transitive signature scheme is presented which is provably secure in the standard complexity paradigm in this model.

We study elliptic curve cryptosystems by first investigating the schemes defined over Z_p and show that the scheme is provably secure against adaptive chosen cipher-text attack under the decisional Diffie-Hellman assumption. Then we derive a practical elliptic curve cryptosystem by making use

A new public key cryptosystem is proposed and analyzed. The scheme is quite practical, and is provably secure against adaptive chosen ciphertext attack under standard intractability assumptions. There appears to be no previous cryptosystem in the literature that enjoys both of these properties

In this paper, we address the question of providing security proofs for signature schemes in the so-called random oracle model [1]. In particular, we establish the generality of this technique against adaptively chosen message attacks. Our main application achieves such a security proof for a

In this paper we describe simple identification and signature schemes which enable any user to prove his identity and the authenticity of his messages to any other user without shared or public keys. The schemes are provably secure against any known or chosen message attack ff factoring

We describe and analyze a new digital signature scheme. The new scheme is quite efficient, does not require the the signer to maintain any state, and can be proven secure against adaptive chosen message attack under a reasonable intractability assumption, the so-called Strong RSA Assumption

This paper introduces a new adaptive chosen ciphertext attack against certain protocols based on RSA. We show that an RSA private-key operation can be performed if the attacker has access to an oracle that, for any chosen ciphertext, returns only one bit telling whether the ciphertext corresponds

We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption we call the Strong Di#e-Hellman assumption. This assumption has similar properties to the Strong

We present a digital signature scheme which is based on the existence of any trapdoor permutation. Our scheme is secure in the strongest possible natural sense: namely, it is secure against existential forgery under adaptive chosen message attack.