On the random-oracle methodology as applied to length-restricted signature schemes

Ran Canetti*, Oded Goldreich, Shai Halevi

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

42 Scopus citations

Abstract

In earlier work, we described a "pathological" example of a signature scheme that is secure in the Random Oracle Model, but for which no secure implementation exists. For that example, however, it was crucial that the scheme is able to sign "long messages" (i.e., messages whose length is not a-priori bounded). This left open the possibility that the Random Oracle Methodology is sound with respect to signature schemes that sign only "short" messages (i.e., messages of a-priori bounded length, smaller than the length of the keys in use), and are "memoryless" (i.e., the only thing kept between different signature generations is the initial signing-key). In this work, we extend our negative result to address such signature schemes. A key ingredient in our proof is a new type of interactive proof systems, which may be of independent interest.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Editors: Moni Naor
Publisher: Springer Verlag
Pages: 40-57
Number of pages: 18
ISBN (Print): 3540210008, 9783540210009
State: Published - 2004
Externally published: Yes

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 2951
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349
