dc.contributor.author | Gjøsteen, Kristian | |
dc.contributor.author | Jager, Tibor | |
dc.date.accessioned | 2019-03-22T11:21:32Z | |
dc.date.available | 2019-03-22T11:21:32Z | |
dc.date.created | 2019-01-13T10:08:11Z | |
dc.date.issued | 2018 | |
dc.identifier.citation | Lecture Notes in Computer Science. 2018, 10992 LNCS 95-125. | nb_NO |
dc.identifier.issn | 0302-9743 | |
dc.identifier.uri | http://hdl.handle.net/11250/2591282 | |
dc.description.abstract | Tight security is increasingly gaining importance in real-world cryptography, as it allows cryptographic parameters to be chosen in a way that is supported by a security proof, without the need to sacrifice efficiency by compensating for the security loss of a reduction with larger parameters. However, for many important cryptographic primitives, including digital signatures and authenticated key exchange (AKE), we are still lacking constructions that are suitable for real-world deployment.
We construct the first truly practical signature scheme with tight security in a real-world multi-user setting with adaptive corruptions. The scheme is based on a new way of applying the Fiat-Shamir approach to construct tightly-secure signatures from certain identification schemes.
Then we use this scheme as a building block to construct the first practical AKE protocol with tight security. It allows the establishment of a key within 1 RTT in a practical client-server setting, provides forward security, is simple and easy to implement, and thus very suitable for practical deployment. It is essentially the “signed Diffie-Hellman” protocol, but with an additional message, which is crucial to achieve tight security. This additional message is used to overcome a technical difficulty in constructing tightly-secure AKE protocols.
For a theoretically-sound choice of parameters and a moderate number of users and sessions, our protocol has comparable computational efficiency to the simple signed Diffie-Hellman protocol with EC-DSA, while for large-scale settings our protocol has even better computational performance, at moderately increased communication complexity. | nb_NO |
dc.language.iso | eng | nb_NO |
dc.publisher | Springer Verlag | nb_NO |
dc.title | Practical and tightly-secure digital signatures and authenticated key exchange | nb_NO |
dc.type | Journal article | nb_NO |
dc.type | Peer reviewed | nb_NO |
dc.description.version | acceptedVersion | nb_NO |
dc.source.pagenumber | 95-125 | nb_NO |
dc.source.volume | 10992 LNCS | nb_NO |
dc.source.journal | Lecture Notes in Computer Science | nb_NO |
dc.identifier.doi | 10.1007/978-3-319-96881-0_4 | |
dc.identifier.cristin | 1655549 | |
dc.description.localcode | This is a post-peer-review, pre-copyedit version of an article published in [Lecture Notes in Computer Science]. Locked until 24.7.2019 due to copyright restrictions. The final authenticated version is available online at: https://doi.org/10.1007/978-3-319-96881-0_4 | nb_NO |
cristin.unitcode | 194,63,15,0 | |
cristin.unitname | Institutt for matematiske fag | |
cristin.ispublished | true | |
cristin.fulltext | preprint | |
cristin.qualitycode | 1 | |