The author modifies Bellare and Neven's definition of undirected transitive signatures by explicitly introducing node signing and edge signing algorithms. In the proposed model, a signing algorithm defined over a transitive graph consists of a separate vertex signing algorithm and an edge signing algorithm. These two algorithms are allowed to share the state information of the transitive graph. The new model allows easier discussion about its security and extensions. The new model has been successfully applied to further study of directed graph authentication problems posed by Hohenberger and by Molnar. A concrete undirected transitive signature scheme is presented which can be proved to be secure in the standard complexity paradigm in this model.
References
-
-
1)
-
S. Goldwasser ,
S. Micali ,
R. Rivest
.
A digital signature scheme secure against adaptive chosen-message attacks.
SIAM J. Comput.
,
2 ,
281 -
308
-
2)
-
Cramer, R., Shoup, V.: `Signature scheme based on the strong RSA assumption', Proc. 6th ACM Conf. on Computer and Communication Security, 1999, Singapore, ACM Press, 1999.
-
3)
-
Micali, S., and Rivest, R.L.: ‘Transitive signature schemes’. Proc. CT-RSA 2002, pp. 236–243.
-
4)
-
Molnar, D.: ‘Homomorphic signature scheme’. Harvard college, http://hcs.harvard.edu/dmolnar/senior-thesis.pdf.
-
5)
-
Zhu, H., Feng, B., and Deng, R.H.: ‘Computing of trust in distributed networks’. http://www.iacr.org, eprint.
-
6)
-
Bellare, M., Neven, G.: `Transitive signatures based on factoring and RSA', Proc. Advances in Cryptology; Asiacrypt 2002, Lect Notes Comput. Sci, 2002, 2501.
-
7)
-
Hohenberger, S.: ‘The cryptographic impact of groups with infeasible inversion’, http://theory.lcs.mit.edu/cis/cis-theses.html, May 2003.
http://iet.metastore.ingenta.com/content/journals/10.1049/ip-com_20040330
Related content
content/journals/10.1049/ip-com_20040330
pub_keyword,iet_inspecKeyword,pub_concept
6
6