On Composable Security for Digital Signatures

Christian Badertscher, Ueli Maurer, Björn Tackmann

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

A digital signature scheme (DSS), which consists of a key-generation, a signing, and a verification algorithm, is an invaluable tool in cryptography. The first and still most widely used security definition for a DSS, existential unforgeability under chosen-message attack, was introduced by Goldwasser, Micali, and Rivest in 1988.

As DSSs serve as a building block in numerous complex cryptographic protocols, a security definition that specifies the guarantees of a DSS under composition is needed. Canetti (FOCS 2001, CSFW 2004) as well as Backes, Pfitzmann, and Waidner (CCS 2003) have described ideal functionalities for signatures in their respective composable-security frameworks. While several variants of these functionalities exist, they all share that the verification key and signature values appear explicitly.

In this paper, we describe digital signature schemes from a different, more abstract perspective. Instead of modeling all aspects of a DSS in a monolithic ideal functionality, our approach characterizes a DSS as a construction of a repository for authentically reading values written by a certain party from certain assumed repositories, e.g., for transmitting verification key and signature values. This approach resolves several technical complications of previous simulation-based approaches, captures the security of signature schemes in an abstract way, and allows for modular proofs.

We show that our definition is equivalent to existential unforgeability. We then model two example applications: (1) the certification of values via a signature from a specific entity, which with public keys as values is the core functionality of public-key infrastructures, and (2) the authentication of a session between a client and a server with the help of a digitally signed assertion from an identity provider. Single-sign-on mechanisms such as SAML rely on the soundness of the latter approach.

Original language: English
Title of host publication: Public-Key Cryptography – PKC 2018
Subtitle of host publication: 21st IACR International Conference on Practice and Theory of Public-Key Cryptography, Rio de Janeiro, Brazil, March 25-29, 2018, Proceedings, Part I
Editors: Michel Abdalla, Ricardo Dahab
Publisher: Springer
Chapter: Chapter 17
Pages: 494-523
Number of pages: 30
Volume: 10769
ISBN (Electronic): 978-3-319-76578-5
ISBN (Print): 978-3-319-76577-8
Publication status: Published - 5 Mar 2018
Externally published: Yes
Event: 21st edition of the International Conference on Practice and Theory of Public Key Cryptography - Rio De Janeiro, Brazil
Duration: 25 Mar 2018 to 29 Mar 2018
https://pkc.iacr.org/2018/index.html

Publication series

Name: Public-Key Cryptography – PKC 2018
Volume: 10769
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 21st edition of the International Conference on Practice and Theory of Public Key Cryptography
Abbreviated title: PKC 2018
Country/Territory: Brazil
City: Rio De Janeiro
Period: 25/03/18 to 29/03/18