57,796 research outputs found

    Short One-Time Signatures

    We present a new one-time signature scheme having short signatures. Our new scheme supports aggregation, batch verification, and admits efficient proofs of knowledge. It has a fast signing algorithm, requiring only modular additions, and its verification cost is comparable to ECDSA verification. These properties make our scheme suitable for applications on resource-constrained devices such as smart cards and sensor nodes. Along the way, we give a unified description of five previous one-time signature schemes and improve parameter selection for these schemes, and as a corollary we give a fail-stop signature scheme with short signatures.

    Digital Signature Methods

    In this paper we introduce the digital signature, explain why it is important and what its advantages are. Some cryptosystems are based on the factorization problem, the best known of which are certainly RSA and the Rabin cryptosystem. They are presented in the first chapter of the paper. Having introduced them, we also consider the signature schemes of the same names that are derived from these cryptosystems. In the second chapter the emphasis is on the DSA signature scheme, which is derived from the ElGamal cryptosystem, that is, the ElGamal signature scheme. Unlike the RSA and Rabin cryptosystems, the ElGamal cryptosystem is based on the discrete logarithm problem, which we also mention in the paper. The next two chapters define the undeniable signature scheme and the fail-stop signature scheme. The undeniable signature scheme requires the signer's cooperation for verification, while fail-stop signatures provide additional security against forgery. For each of these schemes an illustrative example is included in which the characteristics of the signature under consideration can be seen.

    Forgery-Resilience for Digital Signature Schemes

    We introduce the notion of forgery-resilience for digital signature schemes, a new paradigm for digital signature schemes exhibiting desirable legislative properties. It evolves around the idea that, for any message, there can only be a unique valid signature, and exponentially many acceptable signatures, all but one of them being spurious. This primitive enables a judge to verify whether an alleged forged signature is indeed a forgery. In particular, the scheme considers an adversary who has access to a signing oracle and an oracle that solves a “hard” problem, and who tries to produce a signature that appears to be acceptable from a verifier’s point of view. However, a judge can tell apart such a spurious signature from a signature that is produced by an honest signer. This property is referred to as validatibility. Moreover, the scheme provides undeniability against malicious signers who try to fabricate spurious signatures and deny them later by showing that they are not valid. Last but not least, trustability refers to the inability of a malicious judge trying to forge a valid signature. This notion for signature schemes improves upon the notion of fail-stop signatures in different ways. For example, it is possible to sign more than one message with forgery-resilient signatures and once a forgery is found, the credibility of a previously signed signature is not under question. A concrete instance of a forgery-resilient signature scheme is constructed based on the hardness of extracting roots of higher residues, which we show to be equivalent to the factoring assumption. In particular, using collision-free accumulators, we present a tight reduction from malicious signers to adversaries against the factoring problem. Meanwhile, a secure pseudorandom function ensures that no polynomially-bounded cheating verifier, who can still solve hard problems, is able to forge valid signatures. Security against malicious judges is based on the RSA assumption.

    A Digital Signature Scheme for Long-Term Security

    In this paper we propose a signature scheme based on two intractable problems, namely the integer factorization problem and the discrete logarithm problem for elliptic curves. It is suitable for applications requiring long-term security and provides a more efficient solution than the existing ones.

    Bitcoin Transaction Malleability and MtGox

    In Bitcoin, transaction malleability describes the fact that the signatures that prove the ownership of bitcoins being transferred in a transaction do not provide any integrity guarantee for the signatures themselves. This allows an attacker to mount a malleability attack in which it intercepts, modifies, and rebroadcasts a transaction, causing the transaction issuer to believe that the original transaction was not confirmed. In February 2014 MtGox, once the largest Bitcoin exchange, closed and filed for bankruptcy claiming that attackers used malleability attacks to drain its accounts. In this work we use traces of the Bitcoin network for over a year preceding the filing to show that, while the problem is real, there was no widespread use of malleability attacks before the closure of MtGox.