A practical optimal padding for signature schemes

Haifeng Qian; Zhibin Li; Zhijie Chen; Siman Yang

doi:10.1007/11967668_8

A practical optimal padding for signature schemes

Haifeng Qian
, Zhibin Li
, Zhijie Chen
, Siman Yang

East China Normal University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

A digital signature scheme that achieves an optimal bandwidth (generating signatures as short as possible) is called an optimal signature scheme. The previous optimal signature schemes all need the random permutations (or the ideal ciphers) with large block size as building blocks. However, the practical cipher with large block size such as Halevi and Rogaway’s CMC-mode should call the underlying secure block cipher with small block size many times each time. This makes the previous optimal signature schemes which use the large domain permutation (or the ideal cipher) less efficient in the real world, even if there exist the methods that can encipher the messages with larger domain. On the other hand, all the practical signature schemes are not optimal in bandwidth including PSS-R, FDH, DSA, etc. Hence, the problem on how to design a practical, efficient and optimal signature scheme remains open. This paper uses two random oracles and an ideal cipher with a smaller block size to design an optimal padding for signature schemes. The ideal cipher in our scheme can be implemented with a truly real block cipher (e.g. AES). Therefore, we provide a perfect solution to the open problem. More precisely, we design a practical, efficient and optimal signature scheme. Particularly, in the case of RSA, the padding leads the signature scheme to achieve not only optimality in bandwidth but also a tight security.

Original language	English
Title of host publication	Topics in Cryptology
Subtitle of host publication	CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings
Editors	Masayuki Abe
Publisher	Springer Verlag
Pages	112-128
Number of pages	17
ISBN (Print)	9783540693277
DOIs	https://doi.org/10.1007/11967668_8
State	Published - 2007
Event	Cryptographers Track at the RSA Conference, CT-RSA 2007 - San Francisco, United States Duration: 5 Feb 2007 → 9 Feb 2007

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4377 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Cryptographers Track at the RSA Conference, CT-RSA 2007
Country/Territory	United States
City	San Francisco
Period	5/02/07 → 9/02/07

Keywords

Ideal cipher model
Optimal signature
Random oracle model
Short signature
Tight security

Access to Document

10.1007/11967668_8

Cite this

Qian, H., Li, Z., Chen, Z., & Yang, S. (2007). A practical optimal padding for signature schemes. In M. Abe (Ed.), Topics in Cryptology: CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings (pp. 112-128). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4377 LNCS). Springer Verlag. https://doi.org/10.1007/11967668_8

Qian, Haifeng ; Li, Zhibin ; Chen, Zhijie et al. / A practical optimal padding for signature schemes. Topics in Cryptology: CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings. editor / Masayuki Abe. Springer Verlag, 2007. pp. 112-128 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{f26b1c2555ed4b08a402879964313a83,

title = "A practical optimal padding for signature schemes",

abstract = "A digital signature scheme that achieves an optimal bandwidth (generating signatures as short as possible) is called an optimal signature scheme. The previous optimal signature schemes all need the random permutations (or the ideal ciphers) with large block size as building blocks. However, the practical cipher with large block size such as Halevi and Rogaway{\textquoteright}s CMC-mode should call the underlying secure block cipher with small block size many times each time. This makes the previous optimal signature schemes which use the large domain permutation (or the ideal cipher) less efficient in the real world, even if there exist the methods that can encipher the messages with larger domain. On the other hand, all the practical signature schemes are not optimal in bandwidth including PSS-R, FDH, DSA, etc. Hence, the problem on how to design a practical, efficient and optimal signature scheme remains open. This paper uses two random oracles and an ideal cipher with a smaller block size to design an optimal padding for signature schemes. The ideal cipher in our scheme can be implemented with a truly real block cipher (e.g. AES). Therefore, we provide a perfect solution to the open problem. More precisely, we design a practical, efficient and optimal signature scheme. Particularly, in the case of RSA, the padding leads the signature scheme to achieve not only optimality in bandwidth but also a tight security.",

keywords = "Ideal cipher model, Optimal signature, Random oracle model, Short signature, Tight security",

author = "Haifeng Qian and Zhibin Li and Zhijie Chen and Siman Yang",

note = "Publisher Copyright: {\textcopyright} Springer-Verlag Berlin Heidelberg 2007.; Cryptographers Track at the RSA Conference, CT-RSA 2007 ; Conference date: 05-02-2007 Through 09-02-2007",

year = "2007",

doi = "10.1007/11967668\_8",

language = "英语",

isbn = "9783540693277",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "112--128",

editor = "Masayuki Abe",

booktitle = "Topics in Cryptology",

address = "德国",

}

Qian, H , Li, Z, Chen, Z & Yang, S 2007, A practical optimal padding for signature schemes. in M Abe (ed.), Topics in Cryptology: CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4377 LNCS, Springer Verlag, pp. 112-128, Cryptographers Track at the RSA Conference, CT-RSA 2007, San Francisco, United States, 5/02/07. https://doi.org/10.1007/11967668_8

A practical optimal padding for signature schemes. / Qian, Haifeng ; Li, Zhibin; Chen, Zhijie et al.
Topics in Cryptology: CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings. ed. / Masayuki Abe. Springer Verlag, 2007. p. 112-128 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4377 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A practical optimal padding for signature schemes

AU - Qian, Haifeng

AU - Li, Zhibin

AU - Chen, Zhijie

AU - Yang, Siman

N1 - Publisher Copyright: © Springer-Verlag Berlin Heidelberg 2007.

PY - 2007

Y1 - 2007

N2 - A digital signature scheme that achieves an optimal bandwidth (generating signatures as short as possible) is called an optimal signature scheme. The previous optimal signature schemes all need the random permutations (or the ideal ciphers) with large block size as building blocks. However, the practical cipher with large block size such as Halevi and Rogaway’s CMC-mode should call the underlying secure block cipher with small block size many times each time. This makes the previous optimal signature schemes which use the large domain permutation (or the ideal cipher) less efficient in the real world, even if there exist the methods that can encipher the messages with larger domain. On the other hand, all the practical signature schemes are not optimal in bandwidth including PSS-R, FDH, DSA, etc. Hence, the problem on how to design a practical, efficient and optimal signature scheme remains open. This paper uses two random oracles and an ideal cipher with a smaller block size to design an optimal padding for signature schemes. The ideal cipher in our scheme can be implemented with a truly real block cipher (e.g. AES). Therefore, we provide a perfect solution to the open problem. More precisely, we design a practical, efficient and optimal signature scheme. Particularly, in the case of RSA, the padding leads the signature scheme to achieve not only optimality in bandwidth but also a tight security.

AB - A digital signature scheme that achieves an optimal bandwidth (generating signatures as short as possible) is called an optimal signature scheme. The previous optimal signature schemes all need the random permutations (or the ideal ciphers) with large block size as building blocks. However, the practical cipher with large block size such as Halevi and Rogaway’s CMC-mode should call the underlying secure block cipher with small block size many times each time. This makes the previous optimal signature schemes which use the large domain permutation (or the ideal cipher) less efficient in the real world, even if there exist the methods that can encipher the messages with larger domain. On the other hand, all the practical signature schemes are not optimal in bandwidth including PSS-R, FDH, DSA, etc. Hence, the problem on how to design a practical, efficient and optimal signature scheme remains open. This paper uses two random oracles and an ideal cipher with a smaller block size to design an optimal padding for signature schemes. The ideal cipher in our scheme can be implemented with a truly real block cipher (e.g. AES). Therefore, we provide a perfect solution to the open problem. More precisely, we design a practical, efficient and optimal signature scheme. Particularly, in the case of RSA, the padding leads the signature scheme to achieve not only optimality in bandwidth but also a tight security.

KW - Ideal cipher model

KW - Optimal signature

KW - Random oracle model

KW - Short signature

KW - Tight security

UR - https://www.scopus.com/pages/publications/84885893482

U2 - 10.1007/11967668_8

DO - 10.1007/11967668_8

M3 - 会议稿件

AN - SCOPUS:84885893482

SN - 9783540693277

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 112

EP - 128

BT - Topics in Cryptology

A2 - Abe, Masayuki

PB - Springer Verlag

T2 - Cryptographers Track at the RSA Conference, CT-RSA 2007

Y2 - 5 February 2007 through 9 February 2007

ER -

Qian H , Li Z, Chen Z, Yang S. A practical optimal padding for signature schemes. In Abe M, editor, Topics in Cryptology: CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings. Springer Verlag. 2007. p. 112-128. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/11967668_8

A practical optimal padding for signature schemes

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this