Append-Only Signatures

Kiltz, Eike; Mityagin, Anton; Panjwani, Saurabh; Raghavan, Barath

doi:10.1007/11523468_36

Cited by 42 publications

(37 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other redactable signature schemes emerged since then, e.g., [9,24,1,22]. Second, Kiltz et al introduced append-only signatures [20]. Redactable and append-only malleable signature schemes would allow a third party to modify the signed message without requiring a secret key of their own.…”

Section: Definition 2 (Contingency:) Contingency Describes the Verifmentioning

confidence: 99%

Contingency Revisited: Secure Construction and Legal Implications of Verifiably Weak Integrity

Pöhls

2013

Trust Management VII

View full text Add to dashboard Cite

Abstract. Digital signatures are by far the most prominent mechanisms to detect violations of integrity. When signing rights are delegated, the integrity protection is gradually weaker as the delegatee's actions are not considered integrity violations. Taken to an extreme, delegating the right to undetectably change everything to everyone will achieve a property called contingency. Contingency was introduced as the "dual of integrity" in 2009 by Rost and Pfitzmann in German [26] and later translated into English in 2011 [4]. Contingency describes the exact opposite of integrity: the provable absence of integrity. Following this line of privacy research, this paper gives the first rigorous definition of contingency and presents a cryptographic protocol build upon a transparent sanitizable signature scheme. Hence, contingency is a verifiable statement that the signer explicitly desired that the integrity status of data is not verifiable. We analyze legal implications and applications of contingent information.

show abstract

Section: Definition 2 (Contingency:) Contingency Describes the Verifmentioning

confidence: 99%

Contingency Revisited: Secure Construction and Legal Implications of Verifiably Weak Integrity

Pöhls

2013

Trust Management VII

View full text Add to dashboard Cite

show abstract

“…Herranz and Galindo et al [27,23] obtain results about identity-based signature schemes permitting aggregation of signatures from the same signer only. Append-only signatures [31] is an interesting public-key primitive suggested for use in S-BGP route attestation, but no construction yielding less than ω( √ n)-size signatures for n signers is currently known. We clarify that [24] appears to be the only previous (non-interactive) identity-based aggregate signature scheme in the literature; another recent scheme of [18] is interactive.…”

Section: Identity-based Sequential Aggregate Signaturesmentioning

confidence: 99%

Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing

Boldyreva

Gentry

O’Neill

et al. 2007

Proceedings of the 14th ACM Conference on Computer and Communications Security

131

120

View full text Add to dashboard Cite

We construct two new multiparty digital signature schemes that allow multiple signers to sequentially produce a compact, fixed-length signature. First, we introduce a new primitive that we call ordered multisignatures (OMS), which allows signers to attest to a common message as well as the order in which they signed. Our OMS construction substantially improves computational efficiency and scalability over any existing scheme with suitable functionality. Second, we design a new identity-based sequential aggregate signature scheme, where signers can attest to different messages and signature verification does not require knowledge of traditional public keys. The latter property permits savings on bandwidth and storage as compared to public-key solutions. In contrast to the only prior scheme to provide this functionality, ours offers improved security that does not rely on synchronized clocks or a trusted first signer. We provide formal security definitions and support the proposed schemes with security proofs under appropriate computational assumptions. We focus on potential applications of our schemes to secure network routing, but we believe they will find many other applications as well.

show abstract

“…Similarly, HIBS can be constructed from any signature scheme, e.g., via the certification approach [17] by Gentry and Silverberg or via Append-Only Signatures due to Kiltz, Mityagin, Panjwani, and Raghavan [20]. Here, the key extraction authority basically emulates a public-key infrastructure: It generates a new public key for each identity and issues a certificate, binding the key to the identity.…”

Section: Introductionmentioning

confidence: 99%

Strongly Unforgeable Signatures and Hierarchical Identity-Based Signatures from Lattices without Random Oracles

Rückert

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We propose a variant of the "bonsai tree" signature scheme, a lattice-based existentially unforgeable signature scheme in the standard model. Our construction offers the same efficiency as the "bonsai tree" scheme but supports the stronger notion of strong unforgeability. Strong unforgeability demands that the adversary is unable to produce a new message-signature pair (m, s), even if he or she is allowed to see a different signature s for m. In particular, we provide the first treeless signature scheme that supports strong unforgeability for the post-quantum era in the standard model. Moreover, we show how to directly implement identity-based, and even hierarchical identity-based, signatures (IBS) in the same strong security model without random oracles. An additional advantage of this direct approach over the usual generic conversion of hierarchical identity-based encryption to IBS is that we can exploit the efficiency of ideal lattices without significantly harming security. We equip all constructions with strong security proofs based on mild worst-case assumptions on lattices and we also propose concrete security parameters.

show abstract

Append-Only Signatures

Cited by 42 publications

References 14 publications

Contingency Revisited: Secure Construction and Legal Implications of Verifiably Weak Integrity

Contingency Revisited: Secure Construction and Legal Implications of Verifiably Weak Integrity

Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing

Strongly Unforgeable Signatures and Hierarchical Identity-Based Signatures from Lattices without Random Oracles

Contact Info

Product

Resources

About