Cryptography: Theory and Practice

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
COMS W4995 Introduction to Cryptography November 18, 2003 Lecture 22: Message Authentication Codes Lecturer: Tal Malkin Scribes: Gopal Ananthraman Summary Digital Signature scheme summary.Definitions of Message Authentication Codes and security for MAC.Construction of fixed length MAC using PRF, extensions of fixed length MAC to larger sized messages. 1 Digital Signature schemes summary We saw that Digital Signatures that were stateful and based on CRHF but more general constructions exist. Theorem 1 There exists a secure signature scheme that is stateless and based on any One Way Function. ( OWF ⇐⇒ SIG ) Proof: We will not show this construction. Categories of Digital signatures The ones that are provably secure, that are provably secure in the Random oracle model and the ones that are not provably secure at all ( but are typically more efficient). Provably Secure First stateful construction was given by Goldwasser,Micali and Rivest First staeless construction was given by Goldreich 1
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Merkle signatures( which we saw last time) Naor-Yung (A tree based signature scheme which we didn’t see) The most efficient Provably Secure Signature scheme based on strong RSA assumption was presented by Cramer-Shoup in 2000 with improvement from Fischilin in 2002. A strong RSA assumption states it is hard to take *any* root for *any* exponent instead of a fixed or randomly chosen exponent as in regular RSA assumption. Provably secure in the Random Oracle model These are an attempt to get more efficient as those that are not provably secure. Full domain hash Fiat Shamir Schnorr signatures Guillou-Quisquater (GQ) signatures Not provably secure at all but used practically Digital Signature Standard/ Digital Signature Algortithm ( DSS/DSA) Variation of ElGamal.We don’t know how to show they are insecure, based heuristically ( but not provably) on DLOG Assumption. PKCS#1 RSA Signatures
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 01/30/2008 for the course ICS 268 taught by Professor Jarecki during the Fall '04 term at UC Irvine.

Page1 / 6

malkin22 - COMS W4995 Introduction to Cryptography Lecture...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online