The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Skim Fail-Stop Signature (FSS) ialah skim tandatangan yang memenuhi ketidakpastian walaupun terhadap pemalsu dengan kuasa pengiraan polinomial super (iaitu terhadap pemalsu yang boleh mengira tandatangan yang boleh diterima) dan tidak boleh disangkal terhadap penandatangan berniat jahat dengan pengiraan masa polinomial kebarangkalian kuasa (iaitu penandatangan berniat jahat PPT). Dalam makalah ini, di bawah beberapa tetapan, hubungan kesetaraan telah diperoleh antara satu set sifat keselamatan apabila skim FSS tunggal digunakan secara tunggal dan sifat keselamatan yang dipanggil keselamatan Universally Composable (UC) apabila skim FSS jamak digunakan serentak. Di sini, keselamatan UC ialah harta keselamatan yang menjamin bahawa walaupun skim jamak digunakan serentak, sifat keselamatan setiap skim (untuk penggunaan skim tunggal) dipelihara. Tetapan utama di atas adalah seperti berikut. pertama, H-EUC (Externalized UC) keselamatan diperkenalkan dan bukannya keselamatan UC "konvensional", di mana fungsi pembantu baharu H dibina dengan sewajarnya. Ini adalah kerana kita boleh memperoleh keselamatan UC "konvensional" tidak boleh dipegang untuk skim FSS apabila pihak yang berniat jahat (contohnya pemalsu dan penandatangan berniat jahat) mempunyai kuasa pengiraan super polinomial. Dalam persekitaran di mana fungsi pembantu di atas H digunakan, semua pihak adalah PPT, tetapi hanya pemalsu boleh mengira tandatangan yang boleh diterima dengan mendapatkan beberapa maklumat tambahan daripada H. Kedua, takrifan tidak boleh dipalsukan (dalam satu set sifat keselamatan untuk penggunaan skim FSS tunggal) disemak agar sepadan dengan persekitaran di atas. Hubungan kesetaraan di atas yang diperolehi di bawah tetapan di atas menjamin bahawa walaupun skim FSS jamak digunakan serentak, sifat keselamatan tersebut untuk penggunaan skim tunggal dikekalkan, dengan syarat beberapa syarat kekal. Khususnya, hubungan kesetaraan dalam kertas ini mempunyai keaslian dari segi menjamin bahawa tidak boleh dipalsukan dipelihara walaupun terhadap pemalsu yang merupakan PPT tetapi boleh mengira tandatangan yang boleh diterima. Tambahan pula, pertama sekali telah dibuktikan dalam kertas ini bahawa H-EUC keselamatan memegang untuk instantiasi sedia ada skim FSS oleh Mashatan et al. Daripada ini, boleh dikatakan bahawa hubungan kesetaraan yang ditunjukkan dalam kertas ini adalah praktikal.
Masahiro NOMURA
Chiba Keizai College
Katsuhiro NAKAMURA
Chiba University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Salinan
Masahiro NOMURA, Katsuhiro NAKAMURA, "On Fail-Stop Signature Schemes with H-EUC Security" in IEICE TRANSACTIONS on Fundamentals,
vol. E102-A, no. 1, pp. 125-147, January 2019, doi: 10.1587/transfun.E102.A.125.
Abstract: Fail-Stop Signature (FSS) scheme is a signature scheme which satisfies unforgeability even against a forger with super-polynomial computational power (i.e. even against a forger who can compute acceptable signatures) and non-repudiability against a malicious signer with probabilistic polynomial time computational power (i.e. a PPT malicious signer). In this paper, under some settings, the equivalence relation has been derived between a set of security properties when single FSS scheme is used singly and a security property called Universally Composable (UC) security when plural FSS schemes are concurrently used. Here, UC security is a security property guaranteeing that even when plural schemes are concurrently used, security properties of each scheme (for single scheme usage) are preserved. The above main settings are as follows. Firstly, H-EUC (Externalized UC) security is introduced instead of “conventional” UC security, where a new helper functionality H is constructed appropriately. It is because that we can derive “conventional” UC security cannot hold for FSS schemes when malicious parties (e.g. a forger and a malicious signer) have super-polynomial computational power. In the environment where the above helper functionality H is used, all parties are PPT, but only a forger may compute acceptable signatures by obtaining some additional information from H. Secondly, the definition of unforgeability (in a set of security properties for single FSS scheme usage) is revised to match the above environment. The above equivalence relation derived under the above settings guarantees that even when plural FSS schemes are concurrently used, those security properties for single scheme usage are preserved, provided that some conditions hold. In particular, the equivalence relation in this paper has originality in terms of guaranteeing that unforgeability is preserved even against a forger who is PPT but may compute acceptable signatures. Furthermore, it has been firstly proved in this paper that H-EUC security holds for an existing instantiation of an FSS scheme by Mashatan et al. From this, it can be said that the equivalence relation shown in this paper is practical.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E102.A.125/_p
Salinan
@ARTICLE{e102-a_1_125,
author={Masahiro NOMURA, Katsuhiro NAKAMURA, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={On Fail-Stop Signature Schemes with H-EUC Security},
year={2019},
volume={E102-A},
number={1},
pages={125-147},
abstract={Fail-Stop Signature (FSS) scheme is a signature scheme which satisfies unforgeability even against a forger with super-polynomial computational power (i.e. even against a forger who can compute acceptable signatures) and non-repudiability against a malicious signer with probabilistic polynomial time computational power (i.e. a PPT malicious signer). In this paper, under some settings, the equivalence relation has been derived between a set of security properties when single FSS scheme is used singly and a security property called Universally Composable (UC) security when plural FSS schemes are concurrently used. Here, UC security is a security property guaranteeing that even when plural schemes are concurrently used, security properties of each scheme (for single scheme usage) are preserved. The above main settings are as follows. Firstly, H-EUC (Externalized UC) security is introduced instead of “conventional” UC security, where a new helper functionality H is constructed appropriately. It is because that we can derive “conventional” UC security cannot hold for FSS schemes when malicious parties (e.g. a forger and a malicious signer) have super-polynomial computational power. In the environment where the above helper functionality H is used, all parties are PPT, but only a forger may compute acceptable signatures by obtaining some additional information from H. Secondly, the definition of unforgeability (in a set of security properties for single FSS scheme usage) is revised to match the above environment. The above equivalence relation derived under the above settings guarantees that even when plural FSS schemes are concurrently used, those security properties for single scheme usage are preserved, provided that some conditions hold. In particular, the equivalence relation in this paper has originality in terms of guaranteeing that unforgeability is preserved even against a forger who is PPT but may compute acceptable signatures. Furthermore, it has been firstly proved in this paper that H-EUC security holds for an existing instantiation of an FSS scheme by Mashatan et al. From this, it can be said that the equivalence relation shown in this paper is practical.},
keywords={},
doi={10.1587/transfun.E102.A.125},
ISSN={1745-1337},
month={January},}
Salinan
TY - JOUR
TI - On Fail-Stop Signature Schemes with H-EUC Security
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 125
EP - 147
AU - Masahiro NOMURA
AU - Katsuhiro NAKAMURA
PY - 2019
DO - 10.1587/transfun.E102.A.125
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E102-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2019
AB - Fail-Stop Signature (FSS) scheme is a signature scheme which satisfies unforgeability even against a forger with super-polynomial computational power (i.e. even against a forger who can compute acceptable signatures) and non-repudiability against a malicious signer with probabilistic polynomial time computational power (i.e. a PPT malicious signer). In this paper, under some settings, the equivalence relation has been derived between a set of security properties when single FSS scheme is used singly and a security property called Universally Composable (UC) security when plural FSS schemes are concurrently used. Here, UC security is a security property guaranteeing that even when plural schemes are concurrently used, security properties of each scheme (for single scheme usage) are preserved. The above main settings are as follows. Firstly, H-EUC (Externalized UC) security is introduced instead of “conventional” UC security, where a new helper functionality H is constructed appropriately. It is because that we can derive “conventional” UC security cannot hold for FSS schemes when malicious parties (e.g. a forger and a malicious signer) have super-polynomial computational power. In the environment where the above helper functionality H is used, all parties are PPT, but only a forger may compute acceptable signatures by obtaining some additional information from H. Secondly, the definition of unforgeability (in a set of security properties for single FSS scheme usage) is revised to match the above environment. The above equivalence relation derived under the above settings guarantees that even when plural FSS schemes are concurrently used, those security properties for single scheme usage are preserved, provided that some conditions hold. In particular, the equivalence relation in this paper has originality in terms of guaranteeing that unforgeability is preserved even against a forger who is PPT but may compute acceptable signatures. Furthermore, it has been firstly proved in this paper that H-EUC security holds for an existing instantiation of an FSS scheme by Mashatan et al. From this, it can be said that the equivalence relation shown in this paper is practical.
ER -