Extracted from a working draft of Goldreich's FOUNDATIONS OF CRYPTOGRAPHY. See copyright notice. Draft of a chapter on Signature Schemes revised p osted version Nr Extracts from a working draft for Volume of Foundations of Cryptography Oded Goldreich Department of Computer Science and Applied Mathematics Weizmann Institute of Science Rehovot Israel June Extracted from a working draft of Goldreich's FOUNDATIONS OF CRYPTOGRAPHY. See copyright notice. I to Dana c Copyright by Oded Goldreich Permission to make copies of part or all of this work for p ersonal or classro om use is granted without fee provided that copies are not made or distributed for prot or commercial advantage and that new copies b ear this notice and the full citation on the rst page Abstracting with credit is p ermitted Extracted from a working draft of Goldreich's FOUNDATIONS OF CRYPTOGRAPHY. See copyright notice. II Extracted from a working draft of Goldreich's FOUNDATIONS OF CRYPTOGRAPHY. See copyright notice. Preface The current manuscript is a preliminary draft of the chapter on signature schemes Chapter of the second volume of the work Foundations of Cryptography This manuscript subsumes a previous versions p osted in May and Feb The bigger picture The current manuscript is part of a working draft of Part of the threepart work Foundations of Cryptography see Figure The three parts of this work are Basic Tools Basic Applications and Beyond the Ba sics The rst part containing Chapters has b een published by Cambridge University Press in June The second part consists of Chapters re garding Encryptioni Schemes Signatures Schemes and General Cryptographic Proto cols resp ectively We hop e to publish the second part with Cambridge University Press within a couple of years Part Introduction and Basic Tools Chapter Introduction Chapter Computational Diculty OneWay Functions Chapter Pseudorandom Generators Chapter ZeroKnowledge Pro ofs Part Basic Applications Chapter Encryption Schemes Chapter Signature Schemes Chapter General Cryptographic Proto cols Part Beyond the Basics Figure Organization of this work III Extracted from a working draft of Goldreich's FOUNDATIONS OF CRYPTOGRAPHY. See copyright notice. IV The partition of the work into three parts is a logical one Furthermore it oers the advantage of publishing the rst part without waiting for the comple tion of the other parts Similarly we hop e to complete the second part within a couple of years and publish it without waiting for the third part Prerequisites The most relevant background for this text is provided by basic knowledge of algorithms including randomized ones computability and elementary probability theory Background on computational number theory which is required for sp ecic implementations of certain constructs is not really required here Using this text The text is intended as part of a work that is aimed to serve b oth as a textb o ok and a reference text That is it is aimed at serving b oth the b eginner and the exp ert In order to achieve this aim the presentation of the basic material is very detailed so to allow a typical CSundergraduate to follow it An advanced student and certainly an exp ert will nd the pace in these parts way to o slow However an attempt was made to allow the latter reader to easily skip details obvious to himher In particular pro ofs are typically presented in a mo dular way We start with a highlevel sketch of the main ideas and only later pass to the technical details Passage from highlevel descriptions to lower level details is typically marked by phrases such as details fol low In a few places we provide straightforward but tedious details in in dented paragraphs as this one In some other even fewer places such paragraphs provide technical pro ofs of claims that are of marginal rele vance to the topic of the b o ok More advanced material is typically presented at a faster pace and with less details Thus we hop e that the attempt to satisfy a wide range of readers will not harm any of them Teaching The material presented in the full threevolume work is on one hand way b eyond what one may want to cover in a course and on the other hand falls very short of what one may want to know ab out Cryptography in general To assist these conicting needs we make a distinction b etween basic and advanced material and provide suggestions for further reading in the last section of each chapter In particular sections subsections and subsubsections marked by an asterisk are intended for advanced reading Extracted from a working draft of Goldreich's FOUNDATIONS OF CRYPTOGRAPHY. See copyright notice. Table of Contents Preface III Signatures and Message Authentication The Setting and Denitional Issues The two types of schemes a brief overview Introduction to the unied treatment Basic mechanism Attacks and security Variants Augmenting the attack with a verication oracle Inessential generalities Weaker notions of security and some p opular schemes Lengthrestricted signature scheme Denition The p ower of lengthrestricted signature schemes Signing augmented blo cks Signing a hash value Constructing collisionfree hashing functions A construction based on clawfree p ermutations Collisionfree hashing via blo ckchaining Collisionfree hashing via treehashing Constructions of Message Authentication Schemes Applying a pseudorandom function to the do cument A simple construction and a plausibility result Using the hashandsign paradigm A variation on the hashandsign paradigm or using noncryptographic hashing plus hiding More on HashandHide and statebased MACs The denition of statebased MACs Statebased hashandhide MACs Constructions of Signature Schemes Onetime signature schemes Denitions V Extracted from a working draft of Goldreich's FOUNDATIONS OF CRYPTOGRAPHY. See copyright notice. Constructing lengthrestricted onetime signature schemes From lengthrestricted schemes to general ones From onetime signature schemes to general ones The refreshing paradigm Authenticationtrees The actual construction Conclusions and comments Universal OneWay Hash Functions and using them Denition Constructions Onetime signature schemes based on UOWHF Conclusions and comments Additional Prop erties Unique signatures Sup ersecure signature schemes Olineonline signing Incremental signatures Failstop signatures Miscellaneous On Using Signature Schemes On Information Theoretic Security On Some Popular Schemes Historical Notes Signature Schemes Message Authentication Schemes Additional topics Suggestion for Further Reading Op en Problems Exercises Extracted from a working draft of Goldreich's FOUNDATIONS OF CRYPTOGRAPHY. See copyright notice. Extracted from a working draft of Goldreich's FOUNDATIONS OF CRYPTOGRAPHY. See copyright notice. Chapter Digital Signatures and Message Authentication Message authentication and digital signatures were the rst tasks that joined encryption to form mo dern cryptography Both message authentication and dig ital signatures are concerned with the authenticity of data and the dierence b etween them is analogous to the dierence b etween privatekey and publickey encryption schemes In this chapter we dene message authentication and digital signatures and the security notions asso ciated to them We show how to construct message authentication schemes using pseudorandom functions and how to construct signature schemes using oneway p ermutations We stress that the latter con struction employs arbitrary oneway p ermutations which do not necessarily have a trap do or Towards presenting these constructions we discuss restricted types of message authentication and signature schemes which are of indep endent in terest such as lengthrestricted schemes see Section and onetime signature schemes see Section Teaching Tip Do not skip Section b ecause it do es play an imp ortant role in the following sections As in Chapter we assume that the reader is familiar with the material in Chapters and and sp ecically with Sections and This familiarity is imp ortant not only b ecause we use some of the notions and results presented in these sections but rather b ecause we use similar pro of techniques and do so while assuming that this is not the readers rst encounter with these techniques The Setting and Denitional Issues Both signature schemes and message authentication schemes are metho ds for validating data that is verifying that the data was approved by a certain Extracted from a working draft of Goldreich's FOUNDATIONS OF CRYPTOGRAPHY. See copyright notice. CHAPTER SIGNATURES AND MESSAGE AUTHENTICATION party or set of parties The dierence b etween signature schemes and
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages134 Page
-
File Size-