Cryptography Reference
In-Depth Information
one's name on paper. On every level documented in this chapter, mathe-
matical constructions cannot simply be assumed to coincide with the
material and social world. Yet by applying the “real world” concept of
signature to their new mathematical construction, Diffie and Hellman
performed a powerful move: “an account of the new and unfamiliar in
terms of the familiar and intelligible.”
40
This reaching out to familiar “real-world” concepts would continue in
the context of even more unfamiliar mathematical objects. As cryptogra-
phers expanded their repertoire of cryptographic primitives, interactive
protocols, desirable design features, proof models, and security objectives,
these activities constituted a rich toolbox from which new and surprising
mathematical objects could be creatively assembled. This creative activity
has resulted in new configurations of the original signature protocol, most
of which cannot easily be related to paper-and-ink counterparts. These
include:
One-time signatures
The private/public key pair can be used to sign at most
one message.
41
Proxy signatures
In proxy schemes, the signer delegates her signing power
to a designated third party. Delegation comes in several flavors: full, partial,
and by warrant, differing in their efficiency and security properties. Among
the many variants are
one-time proxy signatures
,
anonymous proxy signatures
,
multiproxy signatures.
Group signatures
Any member of the group can sign a document, but it is
not possible to identify which one. If a dispute arises over the legitimacy
of a signature, a group manager (who controls membership) can be called
on to identify the signer.
42
Among the many variants proposed are
thresh-
old-type signatures
, in which given a group of size
n
, any subgroup of
k
members can produce a signature, but it is not possible to identify the
specific members of the subgroup;
43
multisignatures
, in which the size
k
of
the subgroup need not be specified in advance;
ring signatures
, which
require no group managers and no prespecified group size;
44
and
proxy
threshold signatures
.
Blind signatures
In these schemes (the basis of Chaum's anonymous cash
system), the signer affixes her signature to a document but cannot later
link the two together.
45
Variants include, among others,
fair blind signatures
,
in which the judge may be called on (e.g., by authorities) to link together
signature and document, and
proxy blind signatures
.
46
