International Journal of Information Security (IJIS), 4(4):242-252, 2005.
Protocols for problems like Byzantine agreement, clock synchronization or contract signing often use digital signatures as the only cryptographic operation. Proofs of such protocols are frequently based on an idealizing “black-box” model of signatures. We show that the standard cryptographic security definition for digital signatures is not sufficient to ensure that such proofs are still valid if the idealized signatures are implemented with real, provably secure signatures. We propose a definition of signature security suitable for general reactive, asynchronous environments, called reactively secure signature schemes, and prove that for signature schemes where signing just depends on a counter as state the standard security definition implies our definition. We further propose an idealization of digital signatures which can be used in a reactive and composable fashion, and we show that reactively secure signature schemes constitute a secure implementation of our idealization.
This publication is accompanied by links to downloadable versions of this publication. These documents do not necessarily correspond exactly to the cited version. Instead, in most cases full or updated versions are provided. For access to the official version, follow the "Official version" link to the publishers site.