Results 1 - 6 of 6
Two-Tier Signatures, Strongly Unforgeable Signatures, and Fiat-Shamir without Random Oracles
, 2007
Abstract

Cited by 25 (1 self)
We show how the Fiat-Shamir transform can be used to convert three-move identification protocols into two-tier signature schemes (a primitive we define) with a proof of security that makes a standard assumption on the hash function rather than modeling it as a random oracle. The result requires security of the starting protocol against concurrent attacks. We can show that numerous protocols have the required properties and so obtain numerous efficient two-tier schemes. Our first application is an efficient transform of any unforgeable signature scheme into a strongly unforgeable one, which uses as a tool any two-tier scheme. (This extends work of Boneh, Shen and Waters whose transform only applies to a limited class of schemes.) The second application is new one-time signature schemes that, compared to one-way function based ones of the same computational cost, have smaller key and signature sizes.
Authenticated Wireless Roaming via Tunnels: Making Mobile Guests Feel at Home
, 2009
Abstract

Cited by 4 (1 self)
In wireless roaming a mobile device obtains a service from some foreign network while being registered for the similar service at its own home network. However, recent proposals try to keep the service provider role behind the home network and let the foreign network create a tunnel connection through which all service requests of the mobile device are sent to and answered directly by the home network. Such Wireless Roaming via Tunnels (WRT) offers several (security) benefits but states also new security challenges on authentication and key establishment, as the goal is not only to protect the end-to-end communication between the tunnel peers but also the tunnel itself. In this paper we formally specify mutual authentication and key establishment goals for WRT and propose an efficient and provably secure protocol that can be used to secure such roaming session. Additionally, we describe some modular protocol extensions to address resistance against DoS attacks, anonymity of the mobile device and unlinkability of its roaming sessions, as well as the accounting claims of the foreign network in commercial scenarios.
Proof-Carrying Data and Hearsay Arguments from Signature Cards
Abstract
Design of secure systems can often be expressed as ensuring that some property is maintained at every step of a distributed computation among mutually-untrusting parties. Special cases include integrity of programs running on untrusted platforms, various forms of confidentiality and side-channel resilience, and domain-specific invariants. We propose a new approach, proof-carrying data (PCD), which circumnavigates the threat of faults and leakage by reasoning about properties of the output data, independently of the preceding computation. In PCD, the system designer prescribes the desired properties of the computation’s outputs. Corresponding proofs are attached to every message flowing through the system, and are mutually verified by the system’s components. Each such proof attests that the message’s data and all of its history comply with the specified properties. We construct a general protocol compiler that generates, propagates and verifies such proofs of compliance, while preserving the dynamics and efficiency of the original computation. Our main technical tool is the cryptographic construction of short non-interactive arguments (computationally-sound proofs) for statements whose truth depends on “hearsay evidence”: previous arguments about other statements. To this end, we attain a particularly strong proof of knowledge. We realize the above, under standard cryptographic assumptions, in a model where the prover has black-box access to some simple functionality — essentially, a signature card.
Strongly Unforgeable ID-based Signatures Without Random Oracles
Chifumi Sato, Takeshi Okamoto, and Eiji Okamoto
Abstract
Abstract. In this paper, we construct a strongly unforgeable ID-based signature scheme without random oracles. The signature size of our scheme is smaller than that of other schemes based on varieties of the Diffie–Hellman problem or the discrete logarithm problem. The security of the scheme relies on the difficulty to solve three problems related to the Diffie–Hellman problem and a one-way isomorphism. Keywords: Digital signatures, ID-based signatures, Strong unforgeability, Standard models
unknown title
Abstract
Received in revised form 6 March 2012 tential forgery under adaptively chosen message attacks (fully-secure, in short), from any There are many concrete constructions of signature schemes based on some standard assumptions, such as discrete logarithm problem [28,30], computational Diffie–Hellman problem [6,17,34], factoring problem [3]. Some constructions based on other assumptions [29,36] have also been proposed. Though they are efficient, their security can only be proven in the
Underlying Assumptions and Designated Verifier Signatures
Abstract
Abstract. In this paper, we define an underlying computational problem and its decisional problem. As an application of their problems, we propose an efficient designated verifier signature (DVS) scheme without random oracles (related to symmetric pairings). We formally redefine the (Strong) Privacy of Signature’s Identity, and prove our DVS scheme satisfying security based on the difficulty of the problems. Also we prove that the difficulty of the computational problem is tightly equivalent to the Strong Unforgeability of our proposed conventional signature scheme (without random oracles) related to asymmetric pairings. We believe that our underlying problems are profitable to propose many efficient cryptographic schemes.