# On-line/off-line digital signatures

@article{Even2005OnlineofflineDS, title={On-line/off-line digital signatures}, author={Shimon Even and Oded Goldreich and Silvio Micali}, journal={Journal of Cryptology}, year={2005}, volume={9}, pages={35-67} }

A new type of signature scheme is proposed. It consists of two phases. The first phase is performed off-line, before the message to be signed is even known. The second phase is performed on-line, once the message to be signed is known, and is supposed to be very fast. A method for constructing such on-line/off-line signature schemes is presented. The method uses one-time signature schemes, which are very fast, for the on-line signing. An ordinary signature scheme is used for the off-line stage…

## 410 Citations

Divisible On-Line/Off-Line Signatures

- Computer ScienceCT-RSA
- 2008

A new notion is introduced: divisible on-line/off-line signatures, in which exposure of off-line signature tokens in off-lines phase is allowed and an efficient construction of this type of signatures is proposed.

Improved On-line / Off-line Signature Schemes

- Computer Science, Mathematics

The recently introduced notion of a trapdoor hash function is used to develop a new paradigm called hash-sign-switch, which can convert any signature scheme into a highly efficient on-line/off-line signature scheme and enhances the security of the original signature scheme.

Off-line/on-line signatures revisited: a general unifying paradigm, efficient threshold variants and experimental results

- Computer Science, MathematicsInternational Journal of Information Security
- 2013

This paper proposes two generic constructions that can be based on any threshold signature scheme, combined with a specific (double-trapdoor) chameleon hash function and shows that they are efficient and can be proven secure in the standard model using only the traditional discrete logarithm assumption.

Efficient Generic On-Line/Off-Line Signatures Without Key Exposure

- Computer ScienceACNS
- 2007

This paper introduces a special double-trapdoor hash family based on the discrete logarithm assumption and applies the "hash-sign-switch" paradigm to propose a much more efficient generic on-line/off-line signature scheme.

Efficient generic on-line/off-line (threshold) signatures without key exposure

- Computer ScienceInf. Sci.
- 2008

Efficient On-line/Off-line Signature Schemes Based on Multiple-Collision Trapdoor Hash Families

- Computer Science, MathematicsComput. J.
- 2010

This paper proposes multiple-collision trapdoor hash families based on discrete logarithm and factoring assumptions, and provides formal proofs of their security, and introduces an efficient on-line/off-line signature scheme based on the proposed trapdoorHash families.

Improved On-Line/Off-Line Threshold Signatures

- Computer Science, MathematicsPublic Key Cryptography
- 2007

This paper presents an alternative solution to the generic threshold version of on-line/off-line signature schemes based on the "hash-sign-switch" paradigm, which can be based on any threshold signature scheme, combined with a chameleon hash function based on discrete log, and shows that it can be proven secure based only on the traditional discrete logarithm assumption.

An Improved Secure Identity-Based On-Line/Off-Line Signature Scheme

- Computer Science, MathematicsISA
- 2009

A stronger attack is given which is able to make that any one can produce a forged signature on arbitrary a message in the absence of the private key of a signer and a valid signature of a message.

An Efficient On-Line/Off-Line Signature Scheme without Random Oracles

- Computer Science, MathematicsCANS
- 2008

A novel on-line/off-line signature featuring the same on-lines efficiency but without relying on random oracles is presented.

Off-Line/On-Line Signatures: Theoretical Aspects and Experimental Results

- Computer Science, MathematicsPublic Key Cryptography
- 2008

This paper unify the Shamir-Tauman and Even et al. approaches by showing that they can be considered different instantiations of the same paradigm, and proves that a special type of chameleon hashing is a fully secure one-time signature.

## References

SHOWING 1-10 OF 44 REFERENCES

On-Line/Off-Line Digital Schemes

- Computer ScienceCRYPTO
- 1989

A general construction which transforms any (ordinary) digital signature scheme to an on-line/off-line signature scheme is presented, entailing a small overhead, and allows us to prove that the existence of signature schemes which are unforgeable by known message attack is a (necessary and) sufficient condition for the existence.

Two Remarks Concerning the Goldwasser-Micali-Rivest Signature Scheme

- Computer ScienceCRYPTO
- 1986

The Goldwasser-Micali-Rivest Signature Scheme can be made totally "memoryless", and the original implementation of the GMR scheme based on factoring, can be speeded-up by a factor of |N|.

Collision Free Hash Functions and Public Key Signature Schemes

- Computer Science, MathematicsEUROCRYPT
- 1987

The ability of a hash function to improve security and speed of a signature scheme is discussed: for example, it can combine the RSA-system with a collision free hash function based on factoring to get a scheme which is more efficient and much more secure.

A Digital Signature Based on a Conventional Encryption Function

- Computer ScienceCRYPTO
- 1987

A new digital signature based only on a conventional encryption function (such as DES) is described which is as secure as the underlying encryption function -- the security does not depend on the…

A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks

- Computer Science, MathematicsSIAM J. Comput.
- 1988

A digital signature scheme based on the computational difficulty of integer factorization possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice cannot later forge the signature of even a single additional message.

A method for obtaining digital signatures and public-key cryptosystems

- Computer Science, MathematicsCACM
- 1978

An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key, soriers or other secure means are not needed to transmit keys.

A method for obtaining digital signatures and public-key cryptosystems

- Computer Science, MathematicsCACM
- 1983

An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important…

One-way functions are necessary and sufficient for secure signatures

- Computer Science, MathematicsSTOC '90
- 1990

This paper is interested in signature schemes which are secure agMnst existential forgery under adaptive chosen message attacks, and the existence of trapdoor permutations can be shown to be necessary and sufficient for secure encryption schemes.

DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION

- Mathematics, Computer Science
- 1979

It is proved that for any given n, if the authors can invert the function y = E (x1) for even a small percentage of the values y then they can factor n, which seems to be the first proved result of this kind.

A modification of the RSA public-key encryption procedure (Corresp.)

- Computer Science, MathematicsIEEE Trans. Inf. Theory
- 1980

For this modified version of the RSA scheme, it is shown that, if the encryption procedure can be broken in a certain number of operations, then R can be factored in only a few more operations.