TY - JOUR
T1 - Generating signatures with optimal overhead
T2 - Practical paddings for signature schemes
AU - Qian, Haifeng
AU - Zhou, Yuan
AU - Li, Zhibin
AU - Chen, Zhijie
N1 - Publisher Copyright:
© 2014 John Wiley & Sons, Ltd.
PY - 2014/12/1
Y1 - 2014/12/1
N2 - Optimal signatures (generating signatures as short as possible), which achieve the optimal bandwidth for communication, are extremely useful in bandwidth-critical networks. Previous approaches use the random permutations with large block size as building blocks, which incurs less efficient implementations in the real world. Meanwhile, all the practical signature schemes are not optimal in bandwidth including PSS-R (probabilistic signature scheme with message recovery ), FDH ( Full Domain Hash), and DSA (Digital Signature Algorithm). This paper presents three constructions for optimal signature schemes. All the proposals use both the random oracles and the ideal ciphers with smaller block sizes as building blocks to obtain optimal paddings for signature schemes. The ideal ciphers in our schemes can be implemented by real block ciphers (e.g., AES (Advanced Encryption Standard)-256). Concrete implementations of these signature schemes can utilize the trapdoor permutations of Rabin and RSA, respectively. Surprisingly, RSA and Rabin (trapdoor permutations) lead to not only optimality in bandwidth but also a tight security. Therefore, besides yielding secure signatures with high efficiency, our proposals can also be flexibly applied to the bandwidth-limited networks that reduces the communication cost as less as possible.
AB - Optimal signatures (generating signatures as short as possible), which achieve the optimal bandwidth for communication, are extremely useful in bandwidth-critical networks. Previous approaches use the random permutations with large block size as building blocks, which incurs less efficient implementations in the real world. Meanwhile, all the practical signature schemes are not optimal in bandwidth including PSS-R (probabilistic signature scheme with message recovery ), FDH ( Full Domain Hash), and DSA (Digital Signature Algorithm). This paper presents three constructions for optimal signature schemes. All the proposals use both the random oracles and the ideal ciphers with smaller block sizes as building blocks to obtain optimal paddings for signature schemes. The ideal ciphers in our schemes can be implemented by real block ciphers (e.g., AES (Advanced Encryption Standard)-256). Concrete implementations of these signature schemes can utilize the trapdoor permutations of Rabin and RSA, respectively. Surprisingly, RSA and Rabin (trapdoor permutations) lead to not only optimality in bandwidth but also a tight security. Therefore, besides yielding secure signatures with high efficiency, our proposals can also be flexibly applied to the bandwidth-limited networks that reduces the communication cost as less as possible.
KW - Ideal cipher model
KW - Optimal signature
KW - Random oracle model
KW - Short signature
KW - Tight security
UR - https://www.scopus.com/pages/publications/84911875077
U2 - 10.1002/sec.945
DO - 10.1002/sec.945
M3 - 文章
AN - SCOPUS:84911875077
SN - 1939-0114
VL - 7
SP - 2345
EP - 2355
JO - Security and Communication Networks
JF - Security and Communication Networks
IS - 12
ER -