Big Chemical Encyclopedia

Chemical substances, components, reactions, process design ...

Articles Figures Tables About

Requirement of the signer on disputes

The requirement of the signer on disputes As long as a signer has not authenticated a certain message, i.e., not carried out authentication for it, nobody should be able to make a court believe that she did, at least if she disavows that message in court. [Pg.59]

The requirement of the signer on disputes is a requirement of an interest group consisting of a signer, ids court, idc C-... [Pg.83]

Table 5.2. Overview of conceivable requirements of the signer on disputes. Table 5.2. Overview of conceivable requirements of the signer on disputes.
Ordinary security is the type of security that ordinary digital signature schemes offer The requirement of the signer on disputes is fulfilled computationally only, that of the recipient information-theoretically, and there is no fail-stop property. If transferability is required, the effectiveness of transfers also holds information-theoretically. [Pg.120]

If the requirement of the signer on disputes (or the fall-back requirement) is fulfilled without error probability, the requirement of the recipient on disputes (or the correctness of broken ) is not fulfilled at all. [Pg.123]

For all these types, realizations exist (see Chapter 6). Here and in the following, terms like computational seciuity for the signer are used as abbreviations for statements like the requirement of the signer on disputes is fulfilled against computationally restricted attackers . [Pg.124]

The security types considered are fail-stop, dual, and information-theoretic security. In other words, the schemes considered here offer information-theoretic security for signers, i.e., either the requirement or the fail-back requirement of the signer on disputes is fulfilled information-theoretically. [Pg.125]

Security parameters. As some requirements on a fail-stop signature scheme have to be fulfilled information-theoretically and others only computationally, it is natural to consider two security parameters. They are called a and k, where a measures the information-theoretic security and k the computational security. The primary role of cr is that the error probability in the fail-back requirement of the signer on disputes decreases exponentially with a. In other words, a determines the probability that the signer is cheated with unprovable forgeries. The primary role of k is to ensure the correctness of broken , i.e., the larger k is, the harder it should be to compute valid proofs of forgeries (and thus forgeries in the first place). [Pg.151]

The fail-back requirement of the signer on disputes is that, as long as she has not authenticated a certain message and is willing to disavow, a court should obtain a result acc e FALSE, broken in a dispute about this message. This requirement has to be fulfilled information-theoretically with an exponentially small error probability, and only the entities of the signer and the court are assumed to be correct. [Pg.162]

Lemma 7.5. If a standard fail-stop signature scheme guarantees the fall-back requirement of the signer on disputes against attackers that only initiate authentications and then one dispute, it also guarantees this requirement against general active attacks. ... [Pg.162]

Before the requirements that remain from Section 7.1.3 are formalized, the additional service properties that standard fail-stop signature schemes should have according to Section 6.1.2 are considered. It turns out that most of these requirements are automatically fulfilled according to the assumed structure of the entities around the algorithms from Definition 7.1 or 7.2, respectively. The only remaining one, the strong requirement of the signer on disputes in the case with special risk bearers, can be fulfilled by similar structural measures. [Pg.166]

As mentioned in Section 5.2.9, Combinations , it is usefiil in practice to add the strong requirement of the signer on disputes for the degree low to the minimal requirements. This means that on a computational assumption, the following is required even if the signer does not take part in a dispute ... [Pg.166]

If special risk bearers are considered, this requirement can be weakened in the same way as the minimal requirement of the signer on disputes The output may be FALSE or broken . (However, with the construction below, this weakening is not necessary.)... [Pg.166]

Lemma 7.8. A secure full standard fail-stop signature scheme, i.e., one that fulfils all the minimal requirements, also fulfils the strong requirement of the signer on disputes computationally. ... [Pg.167]

Hence the strong requirement of the signer on disputes is not mentioned again. [Pg.167]

Recall that the event Forge can only occur if key generation was successful. Hence Definition 7.14 correctly represents that successful initialization is a precondition in the requirement of the signer on disputes. [Pg.174]

The subset of security properties needed to prove the lower bounds only considers the case where all the entities, even those of the attackers, carry out key generation correctly, and neither active attacks on recipients nor provisions for finite transferability are used. Moreover, in the first class of schemes considered above, only unforgeability, and no requirement on disputes, is considered, and in the second class, with the same conventional definition, only the requirement of the signer on disputes, and not that of the recipient. (This suggests that one can prove more stringent bounds by using more requirements.)... [Pg.361]

See other pages where Requirement of the signer on disputes is mentioned: [Pg.83]    [Pg.84]    [Pg.85]    [Pg.88]    [Pg.89]    [Pg.89]    [Pg.91]    [Pg.92]    [Pg.94]    [Pg.126]    [Pg.147]    [Pg.162]    [Pg.167]    [Pg.167]    [Pg.173]   
See also in sourсe #XX -- [ Pg.59 , Pg.83 ]



SEARCH



Strong requirement of the signer on disputes

© 2024 chempedia.info