Paper 2003/240

How to Break and Repair a Universally Composable Signature Functionality

Michael Backes and Dennis Hofheinz

Abstract

Canetti and Rabin recently proposed a universally composable ideal functionality F_SIG for digital signatures. We show that this functionality cannot be securely realized by \emph{any} signature scheme, thereby disproving their result that any signature scheme that is existentially unforgeable under adaptive chosen-message attack is a secure realization. Next, an improved signature functionality is presented. We show that our improved functionality can be securely realized by precisely those signature schemes that are secure against existential forgery under adaptive chosen-message attacks.

Metadata
Available format(s)
PDF PS
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
digital signature schemesuniversal composabilityadaptive chosen-message attack
Contact author(s)
hofheinz @ ira uka de
History
2003-11-19: revised
2003-11-19: received
See all versions
Short URL
https://ia.cr/2003/240
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2003/240,
      author = {Michael Backes and Dennis Hofheinz},
      title = {How to Break and Repair a Universally Composable Signature Functionality},
      howpublished = {Cryptology {ePrint} Archive, Paper 2003/240},
      year = {2003},
      url = {https://eprint.iacr.org/2003/240}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.