Is the notion of divisible on-line/off-line signatures stronger than on-line/off-line signatures?

Man Ho Allen Au, Willy Susilo, Yi Mu

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

3 Citations (Scopus)


On-line/Off-line signatures are useful in many applications where the signer has a very limited response time once the message is presented. The idea is to perform the signing process in two phases. The first phase is performed off-line before the message to be signed is available and the second phase is performed on-line after the message to be signed is provided. Recently, in CT-RSA 2009, Gao et al. made a very interesting observation that most of the existing schemes possess the following structure. In the off-line phase, a partial signature, called the off-line token is computed first. Upon completion of the on-line phase, the off-line token constitutes part of the full signature. They considered the "off-line token exposure problem" in which the off-line token is exposed in the off-line phase and introduced a new model to capture this scenario. While intuitively the new requirement appears to be a stronger notion, Gao et al. cannot discover a concrete attack on any of the existing schemes under the new model. They regard clarifying the relationship between the models as an open problem. In this paper, we provide an affirmative answer to this open problem. We construct an On-line/Off-line signature scheme, which is secure under the ordinary security model whilst it is insecure in the new model. Specifically, we present a security proof under the old model and a concrete attack of the scheme under the new model. This illustrates that the new model is indeed stronger.
Original languageEnglish
Title of host publicationProvable Security - Third International Conference, ProvSec 2009, Proceedings
Number of pages11
Publication statusPublished - 1 Dec 2009
Externally publishedYes
Event3rd International Conference on Provable Security, ProvSec 2009 - Guangzhou, China
Duration: 11 Nov 200913 Nov 2009

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5848 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference3rd International Conference on Provable Security, ProvSec 2009


  • Divisible on-line/off-line signatures
  • On-line/off-line signatures

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'Is the notion of divisible on-line/off-line signatures stronger than on-line/off-line signatures?'. Together they form a unique fingerprint.

Cite this