in Proceedings of 7th Information Security Conference (ISC), Lecture Notes in Computer Science vol. 3225, Springer, pp. 61-72, September 2004. Preprint on IACR ePrint 2003/240.
Canetti and Rabin recently proposed a universally composable ideal functionality FSIG for digital signatures. We show that this functionality cannot be securely realized by any signature scheme, thereby disproving their result that any signature scheme that is existentially unforgeable under adaptive chosen-message attack is a secure realization. Next, an improved signature functionality is presented.We show that our improved functionality can be securely realized by precisely those signature schemes that are secure against existential forgery under adaptive chosen-message attacks.
This publication is accompanied by links to downloadable versions of this publication. These documents do not necessarily correspond exactly to the cited version. Instead, in most cases full or updated versions are provided. For access to the official version, follow the "Official version" link to the publishers site.