This paper addresses the security of public key signature schemes in a ""multi-user"" setting. We bound the advantage of an adversary in producing an existential forgery on any one of a set of target public keys by the advantage of an adversary in producing an existential forgery on a single public key for any public key signature algorithm. We then improve the concrete security of this general reduction for certain specific discrete logarithm based signature algorithms such as that of Schnorr.
|Translated title of the contribution||Public key signatures in the multi-user setting|
|Pages (from-to)||263 - 266|
|Number of pages||3|
|Journal||Information Processing Letters|
|Publication status||Published - Jun 2002|