On-line/off-line digital signatures

  title={On-line/off-line digital signatures},
  author={Shimon Even and Oded Goldreich and Silvio Micali},
  journal={Journal of Cryptology},
A new type of signature scheme is proposed. It consists of two phases. The first phase is performed off-line, before the message to be signed is even known. The second phase is performed on-line, once the message to be signed is known, and is supposed to be very fast. A method for constructing such on-line/off-line signature schemes is presented. The method uses one-time signature schemes, which are very fast, for the on-line signing. An ordinary signature scheme is used for the off-line stage… 
Divisible On-Line/Off-Line Signatures
A new notion is introduced: divisible on-line/off-line signatures, in which exposure of off-line signature tokens in off-lines phase is allowed and an efficient construction of this type of signatures is proposed.
Improved On-line / Off-line Signature Schemes
The recently introduced notion of a trapdoor hash function is used to develop a new paradigm called hash-sign-switch, which can convert any signature scheme into a highly efficient on-line/off-line signature scheme and enhances the security of the original signature scheme.
Off-line/on-line signatures revisited: a general unifying paradigm, efficient threshold variants and experimental results
This paper proposes two generic constructions that can be based on any threshold signature scheme, combined with a specific (double-trapdoor) chameleon hash function and shows that they are efficient and can be proven secure in the standard model using only the traditional discrete logarithm assumption.
Efficient Generic On-Line/Off-Line Signatures Without Key Exposure
This paper introduces a special double-trapdoor hash family based on the discrete logarithm assumption and applies the "hash-sign-switch" paradigm to propose a much more efficient generic on-line/off-line signature scheme.
Efficient generic on-line/off-line (threshold) signatures without key exposure
Efficient On-line/Off-line Signature Schemes Based on Multiple-Collision Trapdoor Hash Families
This paper proposes multiple-collision trapdoor hash families based on discrete logarithm and factoring assumptions, and provides formal proofs of their security, and introduces an efficient on-line/off-line signature scheme based on the proposed trapdoorHash families.
Improved On-Line/Off-Line Threshold Signatures
This paper presents an alternative solution to the generic threshold version of on-line/off-line signature schemes based on the "hash-sign-switch" paradigm, which can be based on any threshold signature scheme, combined with a chameleon hash function based on discrete log, and shows that it can be proven secure based only on the traditional discrete logarithm assumption.
An Improved Secure Identity-Based On-Line/Off-Line Signature Scheme
A stronger attack is given which is able to make that any one can produce a forged signature on arbitrary a message in the absence of the private key of a signer and a valid signature of a message.
An Efficient On-Line/Off-Line Signature Scheme without Random Oracles
  • M. Joye
  • Computer Science, Mathematics
  • 2008
A novel on-line/off-line signature featuring the same on-lines efficiency but without relying on random oracles is presented.
Off-Line/On-Line Signatures: Theoretical Aspects and Experimental Results
This paper unify the Shamir-Tauman and Even et al. approaches by showing that they can be considered different instantiations of the same paradigm, and proves that a special type of chameleon hashing is a fully secure one-time signature.


On-Line/Off-Line Digital Schemes
A general construction which transforms any (ordinary) digital signature scheme to an on-line/off-line signature scheme is presented, entailing a small overhead, and allows us to prove that the existence of signature schemes which are unforgeable by known message attack is a (necessary and) sufficient condition for the existence.
Two Remarks Concerning the Goldwasser-Micali-Rivest Signature Scheme
The Goldwasser-Micali-Rivest Signature Scheme can be made totally "memoryless", and the original implementation of the GMR scheme based on factoring, can be speeded-up by a factor of |N|.
Collision Free Hash Functions and Public Key Signature Schemes
The ability of a hash function to improve security and speed of a signature scheme is discussed: for example, it can combine the RSA-system with a collision free hash function based on factoring to get a scheme which is more efficient and much more secure.
A Digital Signature Based on a Conventional Encryption Function
A new digital signature based only on a conventional encryption function (such as DES) is described which is as secure as the underlying encryption function -- the security does not depend on the
A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks
A digital signature scheme based on the computational difficulty of integer factorization possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice cannot later forge the signature of even a single additional message.
A method for obtaining digital signatures and public-key cryptosystems
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key, soriers or other secure means are not needed to transmit keys.
A method for obtaining digital signatures and public-key cryptosystems
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important
One-way functions are necessary and sufficient for secure signatures
  • J. Rompel
  • Computer Science, Mathematics
    STOC '90
  • 1990
This paper is interested in signature schemes which are secure agMnst existential forgery under adaptive chosen message attacks, and the existence of trapdoor permutations can be shown to be necessary and sufficient for secure encryption schemes.
  • M. Rabin
  • Mathematics, Computer Science
  • 1979
It is proved that for any given n, if the authors can invert the function y = E (x1) for even a small percentage of the values y then they can factor n, which seems to be the first proved result of this kind.
A modification of the RSA public-key encryption procedure (Corresp.)
  • H. C. Williams
  • Computer Science, Mathematics
    IEEE Trans. Inf. Theory
  • 1980
For this modified version of the RSA scheme, it is shown that, if the encryption procedure can be broken in a certain number of operations, then R can be factored in only a few more operations.