Academic
Publications
A digital signature scheme secure against adaptive chosen-message attacks

A digital signature scheme secure against adaptive chosen-message attacks,10.1137/0217017,Siam Journal on Computing,Shafi Goldwasser,Silvio Micali,Ron

A digital signature scheme secure against adaptive chosen-message attacks   (Citations: 1340)
BibTex | RIS | RefWorks Download
We present a digital signature scheme based on the computational diculty of integer factorization. The scheme possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice (where each message may be chosen in a way that depends on the signatures of previously chosen messages) can not later forge the signature of even a single additional message. This may be somewhat surprising, since the properties of...
Journal: Siam Journal on Computing - SIAMCOMP , vol. 17, no. 2, pp. 281-308, 1988
Cumulative Annual
View Publication
The following links allow you to view full publications. These links are maintained by other sources not affiliated with Microsoft Academic Search.
    • ...Public-key signatures [12,17,25] are relatively expensive to generate...
    • ...For public-key signature schemes, the property corresponding to Unforgeability is Chosen Message Attack (CMA) security [17]...
    • ...Perfect Transferability instead of Transferability is effectively a public-key signature scheme secure under CMA [17]...

    Tom Roederet al. Multi-Verifier Signatures

    • ...In the classical definition of existential unforgeability (EUF) [GMR88], a new signature on an already signed message is not considered a valid forgery—as opposed to strong unforgeability (SUF)...

    Olivier Blazyet al. Signatures on Randomizable Ciphertexts

    • ...Moreover, we need a stronger security guarantee than HW signatures gave us (i.e., existential unforgeability under adaptive chosen message attack [20].) We need that: it is not only the case that an adversary cannot produce a pair (m, σ) for a new m; now the adversary cannot even produce the pair (g m ,σ )f or an ew...

    Matthew Greenandet al. Practical Adaptive Oblivious Transfer from Simple Assumptions

    • ...FVDS is secure { existentially unforgeable against adaptive chosen message attacks [13] { under the assumption that factorization of an RSA modulus is harder...

    Jothi Rangasamyet al. An integrated approach to cryptographic mitigation of denial-of-servic...

    • ...Specifically, a signature scheme is leakage-resilient in the bounded-leakage model if it is existentially unforgeable against an adaptive chosen-message attack [19] even when adversarially chosen functions of the signing key are leaked in an adaptive fashion...

    Elette Boyleet al. Fully Leakage-Resilient Signatures

Sort by: