Proving tight security for Rabin-Williams signatures

D.J. Bernstein

doi:10.1007/978-3-540-78967-3_5

Proving tight security for Rabin-Williams signatures

D.J. Bernstein

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

41 Citations (Scopus)

Abstract

This paper proves "tight security in the random-oracle model relative to factorization" for the lowest-cost signature systems available today: every hash-generic signature-forging attack can be converted, with negligible loss of efficiency and effectiveness, into an algorithm to factor the public key. The most surprising system is the "fixed unstructured B = 0 Rabin-Williams" system, which has a tight security proof despite hashing unrandomized messages.

Original language	English
Title of host publication	Advances in cryptology - eurocrypt 2008 : 27th annual international conference on the Theory and applications of cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008 : proceedings
Editors	N. Smart
Place of Publication	Berlin
Publisher	Springer
Pages	70-87
ISBN (Print)	978-3-540-78966-6
DOIs	https://doi.org/10.1007/978-3-540-78967-3_5
Publication status	Published - 2008

Publication series

Name	Lecture Notes in Computer Science
Volume	4965
ISSN (Print)	0302-9743

Access to Document

10.1007/978-3-540-78967-3_5

Cite this

Bernstein, D. J. (2008). Proving tight security for Rabin-Williams signatures. In N. Smart (Ed.), Advances in cryptology - eurocrypt 2008 : 27th annual international conference on the Theory and applications of cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008 : proceedings (pp. 70-87). (Lecture Notes in Computer Science; Vol. 4965). Springer. https://doi.org/10.1007/978-3-540-78967-3_5

@inproceedings{3a2469792a0f4fb2b5f906062d588f3e,

title = "Proving tight security for Rabin-Williams signatures",

abstract = "This paper proves {"}tight security in the random-oracle model relative to factorization{"} for the lowest-cost signature systems available today: every hash-generic signature-forging attack can be converted, with negligible loss of efficiency and effectiveness, into an algorithm to factor the public key. The most surprising system is the {"}fixed unstructured B = 0 Rabin-Williams{"} system, which has a tight security proof despite hashing unrandomized messages.",

author = "D.J. Bernstein",

year = "2008",

doi = "10.1007/978-3-540-78967-3_5",

language = "English",

isbn = "978-3-540-78966-6",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "70--87",

editor = "N. Smart",

booktitle = "Advances in cryptology - eurocrypt 2008 : 27th annual international conference on the Theory and applications of cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008 : proceedings",

address = "Germany",

}

Bernstein, DJ 2008, Proving tight security for Rabin-Williams signatures. in N Smart (ed.), Advances in cryptology - eurocrypt 2008 : 27th annual international conference on the Theory and applications of cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008 : proceedings. Lecture Notes in Computer Science, vol. 4965, Springer, Berlin, pp. 70-87. https://doi.org/10.1007/978-3-540-78967-3_5

Proving tight security for Rabin-Williams signatures. / Bernstein, D.J.
Advances in cryptology - eurocrypt 2008 : 27th annual international conference on the Theory and applications of cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008 : proceedings. ed. / N. Smart. Berlin: Springer, 2008. p. 70-87 (Lecture Notes in Computer Science; Vol. 4965).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Proving tight security for Rabin-Williams signatures

AU - Bernstein, D.J.

PY - 2008

Y1 - 2008

N2 - This paper proves "tight security in the random-oracle model relative to factorization" for the lowest-cost signature systems available today: every hash-generic signature-forging attack can be converted, with negligible loss of efficiency and effectiveness, into an algorithm to factor the public key. The most surprising system is the "fixed unstructured B = 0 Rabin-Williams" system, which has a tight security proof despite hashing unrandomized messages.

AB - This paper proves "tight security in the random-oracle model relative to factorization" for the lowest-cost signature systems available today: every hash-generic signature-forging attack can be converted, with negligible loss of efficiency and effectiveness, into an algorithm to factor the public key. The most surprising system is the "fixed unstructured B = 0 Rabin-Williams" system, which has a tight security proof despite hashing unrandomized messages.

U2 - 10.1007/978-3-540-78967-3_5

DO - 10.1007/978-3-540-78967-3_5

M3 - Conference contribution

SN - 978-3-540-78966-6

T3 - Lecture Notes in Computer Science

SP - 70

EP - 87

BT - Advances in cryptology - eurocrypt 2008 : 27th annual international conference on the Theory and applications of cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008 : proceedings

A2 - Smart, N.

PB - Springer

CY - Berlin

ER -

Bernstein DJ. Proving tight security for Rabin-Williams signatures. In Smart N, editor, Advances in cryptology - eurocrypt 2008 : 27th annual international conference on the Theory and applications of cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008 : proceedings. Berlin: Springer. 2008. p. 70-87. (Lecture Notes in Computer Science). doi: 10.1007/978-3-540-78967-3_5

Proving tight security for Rabin-Williams signatures

Abstract

Publication series

Access to Document

Fingerprint

Cite this