Digital signature schemes: general framework and fail-stop signatures (Q1923137)

This book is essentially the author's Ph. D. thesis. The reviewer fully agrees with the German Gesellschaft für Informatik (GI) who honoured this excellent thesis in 1995 by an award for ``foundations of informatics''. Digital signature schemes are the electronic equivalent of handwritten signatures of messages on paper. The first part of the present book gives a detailed description of several aspects of digital signatures. (The book contains an almost complete bibliography with more than 300 items.) The second part of the book describes fail-stop signatures. That is a new class of digital signature schemes with particularly high security. In all previously known digital signature schemes, the security of signers was based on computational assumptions, i.e. an attacker with an unexpectedly efficient algorithm or unexpectedly large resources could forge signatures for which a signer would be held responsible exactly as for his/her real signatures. The basic idea of fail stop signature was first described by the author when she was a university student at Karlsruhe (1989). A fail-stop signature scheme contains all the components of an ordinary digital signature scheme, and, as long as the cryptologic assumption is not broken, it works in that way. However, if someone succeeds in forging a signature, in spite of the assumption, the supposed signer can prove that it is a forgery. A fail-stop signature scheme contains at least two new components, in addition to a normal digital signature scheme. Namely, an algorithm to produce a proof of forgery by means of a forged signature and the secret key and another algorithm that the remaining users can verify that something really is a proof of forgery. Intuitive illustration is a railway semaphore with oscillating arms, its arm drops if the power-supply is broken. In this way one can see what was called subliminal channel by \textit{G. J. Simmons} [see Crypto `83, 51-67 (Plenum Press, New York, 1984); see Zbl 0609.94003 for the entire collection ] has been applied by the present author, but the idea of subliminal channel is an old one. This book has a strong mathematical background, but it is also useful for engineers.