Paper 2018/223

Shorter double-authentication preventing signatures for small address spaces

Bertram Poettering


A recent paper by Derler, Ramacher, and Slamanig (IEEE EuroS&P 2018) constructs double-authentication preventing signatures ("DAP signatures", a specific self-enforcement enabled variant of signatures where messages consist of an address and a payload) that have---if the supported address space is not too large---keys and signatures that are considerably more compact than those of prior work. We embark on their approach to restrict attention to small address spaces and construct novel DAP schemes that beat their signature size by a factor of five and reduce the signing key size from linear to constant (the verification key size remains almost the same). We construct our DAP signatures generically from identification protocols, using a transform similar to but crucially different from that of Fiat and Shamir. We use random oracles. We don't use pairings.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. AFRICACRYPT 2018
signature schemesself-enforcement
Contact author(s)
bertram poettering @ rhul ac uk
2018-02-28: revised
2018-02-27: received
See all versions
Short URL
Creative Commons Attribution


      author = {Bertram Poettering},
      title = {Shorter double-authentication preventing signatures for small address spaces},
      howpublished = {Cryptology ePrint Archive, Paper 2018/223},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.