Information Technology Reference
In-Depth Information
The diculty of forging server's signatures (even by the group coordinator or
another server) follows from the properties of the underlying signature scheme,
and it can be reduced to the diculty of solving the discrete logarithm problem
(see [6] and [9] for a more detailed discussion). An attack with the aim of reveal-
ing the secret key
x
by contacting multiple (or all) servers of the anycast group
does not give a greater chance to succeed than getting multiple signatures from
a single proxy in the underlying signature delegation scheme and, consequently,
than the same attack on the original signature scheme. This follows from the fact
that distinct random values are used to generate the secret keys
x
i
for distinct
anycast servers. For the same reason, an effort by one or more anycast servers
to find
x
using their secret keys
x
i
does not have a greater chance than a similar
attack by a single proxy in the original signature delegation scheme.
Considering the computational complexity, the initialization phase requires,
besides several multiplications, at least five exponentiation mod
p
to create a
secret key for one server. However, this is done just once, and thus this part
of the computational complexity need not be of great concern. Signing of a
message by a server requires one exponentiation and verification by the client
three exponentiations. However, in the frequent case where a single server sends
several messages to the same client, the value
y
t
i
t
i
can be kept in the client's
memory and need not be computed repeatedly.
References
1. Bhattaachrjee, S., Ammar, M., Zegura, E., and Fei, Z.: Application-layer anycasting.
In proceedings of the IEEE
INFOCOM '97
(1997)
2. Hinden, R.M.: IP next generation overview. Internet draft,
http://playground.sun.com/pub/ipng/html/INET-IPng-paper.html
3. K. Hwang, S. J. and Shi, Chi-Hwai: A Simple multiproxy signature scheme. In
proceedings of the tenth national conference on Information Security, Taiwan (2000)
134-138
4. Kim, S., Park, S., and Won, D.: Proxy signatures, Revisted. In
ICICS'97,
Springer-
Verlag, LNCS, vol. 1334 (1997) 223-232
5. Lee, B., Kim, H., and Kim, K.: Strong proxy signature and its applications. In the
Symposium on Cryptography and Information Security, SCIS'01
, Japan (2001)
6. Mambo, M., Usuda, K., Okamoto, E.: Proxy signatures for delegating signing oper-
ation. IEICE Trans. Fundamentals, vol. E79-A, no. 9 (1996) 1338-1354
7. Schnorr, C.: Ecient Signature Generation by Smart Cards.
Journal of Cryptology
,
vol. 4, no. 3 (1991) 161-174
8. Yi, L. Bai, G. and Xia G.: “Proxy multi-signature scheme: A new type of proxy
signature scheme,” Electronic letters, vol. 36, no. 6 (2000) 527-528
9. Zhang, K.: Threshold proxy signature scheme. In proceedings of the first interna-
tional informational security workshop,
ISW'97,
Springer-Verlag, LNCS, vol. 1396
(1997)
