Short Generic Transformation to Strongly Unforgeable Signature in the Standard Model

摘要

Standard signature schemes are usually devised to merely achieve existential unforgeability, i.e., to prevent forgeries on new messages not previously signed. Unfortunately, existential unforgeability is not suitable for several applications, since a new signature on a previously signed message may be produced. Therefore, there is a need to construct signature schemes with strong unforgeability, that is, it is hard to produce a new signature on any message, even if it has been signed before by legitimate signer. Recently, there have been several generic transformations proposed to convert weak unforgeability into strong unforgeability. For instance, various generic transforms of signatures that are existential unforgeable under adaptive chosen message attack (uf-cma) to strongly unforgeable under adaptive chosen message attack (suf-cma) have been proposed. Moreover, methods of converting signatures that are existentially unforgeable under generic chosen message attack (uf-gma) to uf-cma secure digital signatures have also been studied. Combination of these methods yields generic transform of digital signatures offering uf-gma security to suf-cma security. In this paper, we present a short universal transform that directly converts any uf-gma secure signatures into suf-cma secure. Our transform is the shortest generic transformation, in terms of signature size expansion, which results in suf-cma secure signature in the standard model. While our generic transformation can convert any uf-gma secure signature to suf-cma secure signature directly, the efficiency of ours is comparable to those which only transform signatures from uf-gma secure to uf-cma secure in the standard model.