TAILIEUCHUNG - Digital Signatures Do Not Guarantee Exclusive Ownership

Digital signature systems provide a way to transfer trust from the public key to the signed data; this is used extensively within PKIs. However, some applications need a transfer of trust in the other direction, from the signed data to the public key. | Digital Signatures Do Not Guarantee Exclusive Ownership Thomas Pornin and Julien P. Stern Cryptolog International Paris France and Abstract. Digital signature systems provide a way to transfer trust from the public key to the signed data this is used extensively within PKIs. However some applications need a transfer of trust in the other direction from the signed data to the public key. Such a transfer is cryptographically robust only if the signature scheme has a property which we name exclusive ownership. In this article we show that the usual signature algorithms such as RSA 3 and DSS 4 do not have that property. Moreover we describe several constructs which may be used to transform a signature scheme into another signature scheme which provides exclusive ownership. 1 Introduction Digital signature schemes based on public-key cryptography are now used in many communication protocols. Signatures are used to convey trust from a public key to the data which is signed if the public key is known by some other mean to be associated with some entity who owns it . the entity has exclusive access to the corresponding private key then a valid signature on some data proves in a way verifiable by third parties and non repudiable by the key owner that the key owner had access to the data and deliberately agreed to that association between his public key and the data. This assumes of course that no other entity than the key owner has access to the private key and that the signature and verification algorithms are uncrackable with today s technology. Various semantics can be attached to the signature PKIs use it as a way to certify that the data is correct the key owner formally guarantees the exactness of the data . In this article we are interested in the reverse problem in which a signature on some data is known and we want to know whether the existence of a public key which validates that signature implies that the

• An ninh - Bảo mật
• Digital signature systems
• Guarantee Exclusive Ownership
• The Digital Signatures
• The Usual Algorithms
• Lack Exclusive Ownership
• Digital signature schemes
• Digital Signature Scheme
• Discrete logarithmic problem
• Hash Function
• DSA digital signature scheme
• Key distribution systems
• The digital signature category
• Parallel Multiple Signature
• Digital signature and multiple signature
• Different cases for different purposes
• The Multiple signature
• Multiple signature schemes examples
• The Elliptic Curve Digital Signature Algorithm
• Elliptic curve cryptosystems
• Elliptic curve discrete logarithm problem
• Elliptic Curve Digital Signature Algorithm
• Digital Signature Algorithm
• The Mathematical Background
• The Digital Signature Standard
• Definition of a Signature Scheme
• Classification of Attacks
• A Quick Overview
• Digital Signature
• Digital Signature Schema
• Discrete logarithm problem
• Type signature scheme
• Construction of problem analysis
• Problem analysis
• Signature scheme
• High requirements
• Root problem
• New key schemes
• Lược đồ chữ ký số
• Thuật toán chữ ký số
• Network Security
• Digital Signatures
• Practical Signature Schemes
• RSA Signature Scheme
• Istribution of public keys
• Data security
• Lecture Data security and encryption
• Mã hóa dữ liệu
• Bảo mật dữ liệu
• Schnorr signature schemes
• Random oracles
• Constructions based on bilinear maps
• Random oracle model
• TCP IP protocol suite
• Lecture TCP IP protocol suite
• Network layer
• Internet protocol
• Cryptography schemes
• Introduction to modern cryptography
• Modern cryptography
• Cryptographic hardness assumptions
• Computing discrete logarithms
• The public key revolution