In this paper we introduce two types of reductions for provably
secure multi-signatures: one is an insensitive
reduction, and the other a sensitive reduction. This
paper gives two methods of constructing a secure
multi-signature scheme in the strong security model from a
scheme secure in the weak security model, and also gives
some concrete and practical examples of these construction
methods.
Title: On the security of Multi-Signature Schemes
In multi-signature schemes, where multiple users sign a
single message, it has recently been recognized that a
straightforward extension of the security definition of
usual (or single) signature schemes is not sufficient. That
is, in multi-signature schemes the key generation/registration
phase can be a target of an adversary, in addition to the
traditional adversarial model. This paper defines
two security models for multi-signature
schemes: a weak security model (a straightforward
extension of the usual signature scheme's definition: no key
generation phase attacks are considered), and a strong
security model (key generation phase attacks as well as the
traditional attacks are considered).