
2 Bacar NOURDINE, Mouhamed Lamine MBAYE, and Demba SOW
cryptography plays in the process of securing data and information.
Another method of producing secure signatures is to use the notion of atomic
proxy cryptography introduced in 1998 by Matt Blazz and Martin Strauss [1,2].
They highlighted the notion of proxy functions which are tools to convert a valid
signature for one key into another valid for another key without disclosing the
secret signature keys. This signing technical was first explained by Mambo, et
al., in 1996 [22], and allows for delegating signature rights which is an idea that
is the subject of several types of research [6,19,20,21]. It’s true that the objec-
tive of these seminal works can differ in terms of primitive construction but the
base always remains threshold cryptography which is still a very well updated
research field. This is illustrated by the fact that a project to drive an effort to
standardize threshold schemes for cryptographic primitives has been established
by the Computer Security Division at the National Institute of Standards and
Technology (NIST) [26]. But, in this work, we use the notion of unidirectional
proxy function [16] which is a category of proxy functions that allow one user
to generate signature corresponding to the secret key of another user even if the
first user doesn’t hold the secret key.
Another RSA-based signature scheme called post-quantum Probabilistic Full
Domain Hash (pqPFDH) [23] is a main idea in this work. It’s a variant of the
Full domain Hash signature scheme with a random generated for each signature
process. Its security, relatively close to that of RSA, was proven in the random
oracle model. In the security proof, it is assumed that the hash function used is
ideal and the RSA trapdoor permutation holds.
The goal, in this paper, is to construct the unidirectional version of pqPFDH
which is proven secure in the random oracle model. The security is not only
guaranteed against any user Ubut also against the proxy Pand the user F
that hold two secret parts delegated by Ufrom its private key so that they can
securely sign on behalf of him. This feature allows Fand Pto cooperate and
generate signatures corresponding to the secret key of Ubut they can’t perform
this functionality without collaboration. This construction can be very important
in the functioning of administrations. Indeed, an agent may be called upon to
sign important transactions without being bound by the required secrecy. It’s a
good idea that the owner of the secret can delegate his signing rights by giving
a proxy key to this representative without the risk of compromising security.
To prove the security of signature scheme against the proxy P, the users
Fand U, we generally proceeds by demonstrating that, if a polynomial-time
adversary Acan break the signature scheme, it can be used by a reduction
algorithm Rto invert in polynomial time some related one-way-function. Given
an attacker Awhich can break the signature in time τAwith success probability
at least εAfor the reduction proof, Rmust simulate the environment of A
and solve the problem (invert the one way function) with time τR≥τAand
success probability εR≤εA. For tightness of the reduction, it is required to
have εR≈εAand τR≈τA+polynom(k), where kis a security parameter.
The paper is structured as follows. The next section describes some previous
works on signature scheme based on RSA and their security. It also includes some