Big Chemical Encyclopedia

Chemical substances, components, reactions, process design ...

Articles Figures Tables About

Standard ordinary digital signature scheme

Nevertheless, standard fail-stop signature schemes used in this way are not standard ordinary digital signature schemes, mainly because the latter have non-interactive key generation. However, if the output broken in disputes is replaced with TRUE, no risk remains for anybody except for the signer. Hence one can permit the signer s entity to carry out the complete key generation on its own. [Pg.202]

Moreover, standard ordinary digital signature schemes have only one security parameter. This can be realized by choosing k= a. Finally, the algorithms prove and verify are not needed they are simply omitted in the construction. [Pg.202]

A precise definition of standard ordinary digital signature schemes in the notation used here is omitted for brevity it can easily be adapted fi-om [G0MR88] and seen in the proof below. [Pg.202]

Theorem 7.37. From every secure standard fail-stop signature scheme, a secure standard ordinary digital signature scheme can be constructed as follows. Without loss of generality, a scheme with one risk bearer can be used — if a scheme with several risk bearers is given, let R = 1 constantly. [Pg.202]

Proof. First, key generation is always successfiil according to Definition 7.9a and b. (Note that there is no formal difference between the execution of Gen by one party and by two parties.) This is not an explicit requirement with standard ordinary digital signature schemes, but it is implicitly required that every execution of key... [Pg.202]

Effectiveness of authentication follows immediately from Definition 7.10. Usually, error-free effectiveness of authentication is required with standard ordinary digital signature schemes. This is guaranteed if effectiveness of authentication is error-free in the underlying standard fail-stop signature scheme, or at least in the case of correct execution of Gen, i.e., with B = B. In particular, this is the case if a standard fail-stop signature scheme with prekey is used (Theorem 7.34b). [Pg.203]

The only other formal security requirement on standard ordinary digital signature schemes is unforgeability. It follows immediately from Theorem 7.24 and Remark 7.23. ... [Pg.203]

The actual definition of so-called standard fail-stop signature schemes is contained in Section 7.1. In Section 7.2, relations to alternative or additional security properties are shown. Section 7.3 presents fail-stop signature schemes with prekey, an important subclass, and proves simplified security criteria for them. Section 7.4 shows the relation between standard fail-stop signature schemes and ordinary digital signature schemes. Section 7.5 contains constructions of schemes with many risk bearers from schemes with one risk bearer. [Pg.149]

See other pages where Standard ordinary digital signature scheme is mentioned: [Pg.202]    [Pg.202]    [Pg.367]    [Pg.368]   
See also in sourсe #XX -- [ Pg.202 ]



SEARCH



Digital signature scheme

Digital signatures

Ordinary digital signature scheme

Signature

Signature scheme

Standardization Schemes

© 2024 chempedia.info