
## Concurrent Signature without Random Oracles (2012)

Citations: | 7 - 4 self |

### Citations

1612 | Random oracles are practical: a paradigm for designing efficient protocols
- Bellare, Rogaway
- 1993
Citation Context ...ncing the capability of controlling the keystone between the initiator and the matcher [21]. However, none of the schemes are proven secure without random oracles. As we know, the random oracle model [4] is often criticized as a heuristic methodology, assuming that all the parties have oracle access to some truly random functions. Canetti et al. proved that there does not exist any equivalent functio...

724 | Efficient signature generation by smart cards
- Schnorr
- 1991
Citation Context ...r Idea To show the difficulty of finding a construction in the standard model, a useful observation is that most of the concurrent signatures are based on ring signatures built from Schnorr signature [15]. As a result, these schemes have to apply the forking lemma [14] to prove the unforgeability in the random oracle model. In order to get rid of this barrier, we start from an efficient two-user ring ...

583 | A fair protocol for signing contracts
- Ben-Or, Goldreich, et al.
- 1990
Citation Context ... or none of them does. One of the electronic commerce applications of fair exchange is contract signing [11]. There are two main approaches for doing fair exchange. One is the timed release technique [9, 10] in which the signatures are computed as segments and exchanged in a polynomial number of rounds such that in any round, the amount of one party’s knowledge on the counter-party’s signature is nearly ...

363 | Security arguments for digital signatures and blind signatures
- Pointcheval, Stern
Citation Context ...andard model, a useful observation is that most of the concurrent signatures are based on ring signatures built from Schnorr signature [15]. As a result, these schemes have to apply the forking lemma [14] to prove the unforgeability in the random oracle model. In order to get rid of this barrier, we start from an efficient two-user ring signature in the standard model [5]. Instead of directly applying...

334 | Efficient identity-based encryption without random oracles
- Waters
- 2005
Citation Context ...ic key of size linear to the security parameter l, which is a common feature for constructions that are free of random oracles based on Waters’ approach [20]. 6 Conclusion and Future Work A novel ambiguity model that provides anonymity for concurrent signatures is proposed in this paper, together with a concrete scheme under the new model. This is the fir...

67 | Efficient Verifiable Encryption (and Fair Exchange) of Digital Signatures
- Ateniese
- 1999
Citation Context ... The simultaneous exponentiations of the form $g_1^{x_1} g_2^{x_2}$ and $g_1^{x_1} g_2^{x_2} g_3^{x_3}$ are optimized to about 1.16 and 1.25 single exponentiation operations respectively, by the method of an exponent array [2]. Point additions in G and hash evaluations are not taken into account since their influence on the time complexity is negligible compared to other operations. “Initiator’s Cost” denotes the total com...

57 | Ring signatures: Stronger definitions, and constructions without random oracles
- Bender, Katz, et al.
Citation Context ...e to apply the forking lemma [14] to prove the unforgeability in the random oracle model. In order to get rid of this barrier, we start from an efficient two-user ring signature in the standard model [5]. Instead of directly applying the ring signature as the building block, we twist it such that the ring is formed by one of the two parties and a keystone fix which can be treated as a virtual user. M...

27 | Concurrent signatures
- Chen, Kudla, et al.
- 2004
Citation Context ...xchange when a dispute between the parties occurs. This type of fair exchange is referred to as Optimistic Fair Exchange (OFE) [1, 3, 12]. Concurrent signature, introduced by Chen, Kudla and Paterson [7], is the third approach for performing fair exchange of signatures. In a concurrent signature scheme, two parties A and B produce some signatures called ambiguous2 X. Tan, Q. Huang and D. S. Wong sig...

25 | Timed fair exchange of standard signatures: [extended abstract]
- Garay, Pomerance
- 2003
Citation Context ... or none of them does. One of the electronic commerce applications of fair exchange is contract signing [11]. There are two main approaches for doing fair exchange. One is the timed release technique [9, 10] in which the signatures are computed as segments and exchanged in a polynomial number of rounds such that in any round, the amount of one party’s knowledge on the counter-party’s signature is nearly ...

17 | Round-optimal and abuse free optimistic multi-party contract signing
- Baum-Waidner, Waidner
- 2000
Citation Context ...ies on a semitrusted offline arbitrator which only gets involved in the exchange when a dispute between the parties occurs. This type of fair exchange is referred to as Optimistic Fair Exchange (OFE) [1, 3, 12]. Concurrent signature, introduced by Chen, Kudla and Paterson [7], is the third approach for performing fair exchange of signatures. In a concurrent signature scheme, two parties A and B produce some...

10 | Perfect concurrent signature schemes
- Susilo, Mu, et al.
- 2004
Citation Context ...nature to acquire goods or service from B, then B can always ask A to show the keystone before providing service to A. Motivation: Several concurrent signature schemes were proposed in the literature [17, 19, 16, 13, 8, 18, 21]. These works either focus on improving the ambiguity model [17, 13], or fixing potential attacks against fairness [19], or extending concurrent signatures to multi-party setting [16, 18] or identity ...

8 | Ambiguous Optimistic Fair Exchange
- Huang, Yang, et al.
- 2008
Citation Context ...ies on a semitrusted offline arbitrator which only gets involved in the exchange when a dispute between the parties occurs. This type of fair exchange is referred to as Optimistic Fair Exchange (OFE) [1, 3, 12]. Concurrent signature, introduced by Chen, Kudla and Paterson [7], is the third approach for performing fair exchange of signatures. In a concurrent signature scheme, two parties A and B produce some...

6 | Optimistic fair exchange of signatures
- Asokan, Shoup, et al.
- 2000
Citation Context ...ies on a semitrusted offline arbitrator which only gets involved in the exchange when a dispute between the parties occurs. This type of fair exchange is referred to as Optimistic Fair Exchange (OFE) [1, 3, 12]. Concurrent signature, introduced by Chen, Kudla and Paterson [7], is the third approach for performing fair exchange of signatures. In a concurrent signature scheme, two parties A and B produce some...

6 | Generic construction of (identity-based) perfect concurrent signatures
- Chow, Susilo
- 2005
Citation Context ...
... *: 4.16E; 3E; 4.16E; |p| + |q|; |p|
CS-FNBC [21]: 5.41E; 5.41E; 6.5E; 3|q|; |p| + |q|
PCS2 [17]: 6P + 3.41E + 1M; 6P + 3.41E; 7P + 3.5E; 3|q|; 2|q|
iPCS2 [19]: 6P + 3.41E; 6P + 3.41E + 1M; 6P + 2.5E; 3|q|; 2|q|
ID-PCS1 [8]: 3P + 2SM + 1E + 2M; 3P + 2SM + 1E + 1M; 2SM + 2E; |G| + 2|q|; 2|q|
ID-PCS2 [8]: 3P + 2SM + 2M; 3P + 2SM + 1M; 4P + 2SM; 3|G|; 2|G|
Ours: 3P + 1SM + 3M; 5P + 1SM + 1M; 6P + 2M; 2|G|; 2|G|
* ACS defines two signing algorithms...

6 | Multi-party concurrent signatures
- Tonien, Susilo, et al.
- 2006
Citation Context ...nature to acquire goods or service from B, then B can always ask A to show the keystone before providing service to A. Motivation: Several concurrent signature schemes were proposed in the literature [17, 19, 16, 13, 8, 18, 21]. These works either focus on improving the ambiguity model [17, 13], or fixing potential attacks against fairness [19], or extending concurrent signatures to multi-party setting [16, 18] or identity ...

5 | The fairness of perfect concurrent signatures
- Wang, Bao, et al.
- 2006
Citation Context ...nature to acquire goods or service from B, then B can always ask A to show the keystone before providing service to A. Motivation: Several concurrent signature schemes were proposed in the literature [17, 19, 16, 13, 8, 18, 21]. These works either focus on improving the ambiguity model [17, 13], or fixing potential attacks against fairness [19], or extending concurrent signatures to multi-party setting [16, 18] or identity ...

3 | Asymmetric concurrent signatures
- Nguyen
- 2005

2 | Concurrent signatures with fully negotiable binding control
- Yuen, Wong, et al.
- 2011

1 | The random oracle methodology, revisited
- Canetti, Goldreich, et al.
- 1998
Citation Context ... oracle access to some truly random functions. Canetti et al. proved that there does not exist any equivalent function ensemble in the real world that can replace random oracles without security loss [6]. Therefore, it is more desirable to construct concurrent signatures in the standard model for reliable security. We also observed a restriction in existing ambiguity models [7, 17]: given the ambiguo...