Unconditionally secure signature schemes revisited

Abstract

AbstractUnconditionally secure signature (USS) schemes provide the ability to electronically sign documents without the reliance on computational assumptions needed in traditional digital signatures. Unlike digital signatures, USS schemes require that verification algorithms are not public – for any possible signer, a given user must have a different secret verification algorithm corresponding to that signer. Thus, any viable security definition for a USS scheme must carefully treat the subject of what constitutes a valid signature. That is, it is important to distinguish between signatures that are created using a user's signing algorithm and signatures that may satisfy one or more user verification algorithms. Moreover, given that each verifier has his own distinct verification algorithm, a USS scheme must necessarily handle the event of a disagreement. In this paper, we present a new security model for USS schemes that incorporates these notions, as well as give a formal treatment of dispute resolution and the trust assumptions required. We provide formal definitions of non-repudiation and transferability in the context of dispute resolution, and give sufficient conditions for a USS scheme to satisfy these properties. We then extend our basic framework to the setting of strong key-insulated signatures, which increase robustness against key exposure. Finally, we give security analyses for two constructions: Hanaoka et al.'s construction, which we show is secure in our basic USS model, and a key-insulated extension of this construction, which is secure in our strong key-insulated model. This is an extended version of the conference paper [Lecture Notes in Comput. Sci. 6673, Springer, Berlin (2011), 100–116], which appeared in ICITS 2011.