in Proceedings of 6th Information Security Conference (ISC), Lecture Notes in Computer Science vol. 2851, Springer, pp. 84-95, October 2003.
Protocols for problems like Byzantine agreement, clock synchronization or contract signing often use digital signatures as the only cryptographic operation. Proofs of such protocols are frequently based on an idealizing “blackbox” model of signatures. We show that the standard cryptographic security definition for digital signatures is not sufficient to ensure that such proofs are still valid if the idealized signatures are implemented with real, provably secure signatures. We propose a definition of signature security in general reactive, asynchronous environments and prove that for signature schemes where signing just depends on a counter as state the standard security definition implies our definition.
This publication is accompanied by links to downloadable versions of this publication. These documents do not necessarily correspond exactly to the cited version. Instead, in most cases full or updated versions are provided. For access to the official version, follow the "Official version" link to the publishers site.