Reviewing and improving digital signature schemas

A digital signature scheme offers a cryptographic analogue of handwritten signatures that, in fact, provides much stronger security guarantees. Digital signatures serve as a powerful tool and are now accepted as legally binding in many countries; they can be used for certifying contracts or notarizing documents, for authentication of individuals or corporations, and as components of more complex protocols. Digital signatures also enable the secure distribution and transmission of public keys and thus, in a very real sense, serve as the foundation for all of public-key cryptography.[1] The paper introduces the representative examples of digital signature schemes: Lamport one-time digital signature, Batch signature schema and N-ary tree schema. Each schema with detailed mathematical explanations and analysis of its advantages and defects are presented below.


Introduction
Digital Signature is a device which helps you to verify the message you receive is exactly from the one you want to hear from and the message itself has not been changed by someone else. In other words, digital signature helps secure the message's authentication and integrity; thus, make the exact message convey between two exact people. Its characteristics make it especially useful in business field and during war time.
The signer -the sender -first need to use an algorithm to generate a private key and a matching public key. Then it should keep the private key to their own, but can make the public key entire public. When uses it to sign messages, the first need to hash the original message according to the selected scheme, and then sign that message with the private key. The versifier -the receiver -needs to use the matching public key to later verify. And since the public key are made public, actually everyone can verify the message, but with the public key no one can sign any new messages.

Lamport one-time digital signature
One-time signature schema, a kind of digital signature schemas, is used to sign at most one message; otherwise the signature can be forged [2]. One of the advantages is that the one-time signature generation and verification are very efficient and it is useful for chip cards, where low computation complexity is required. Lamport first invented a one-time digital signature schema based on one-way functions. [3] The Lamport One-Time Signature Schema (LOTSS) is a signature schema in which the public key can only be used to sign a single message. The security of the LOTSS is based on cryptographic hash functions. Any secure hash function can be used, which makes this signature schema very adjustable. If a hash function becomes insecure it can easily be exchanged by another secure hash function. [4] In this section, we briefly review the Lamport one-time digital signature, which includes three attempts with three algorithms: key generation, signature and verification.

Signature
If m[i] = 1, xi will be part of S. Else if m[i] = 0, xi will not be part of S. The signature would contain the number of 1s in the message, and define it as length l. The time for signing would be the speed your computer identify 0 and 1 in the message and pick out corresponding xn in SK.

Verification
Given m, see which of the random numbers should be part of S. Check that those random numbers are correct by apply f and comparing with the value in PK.
Define the time to compute a one-way hash function to be t_f. The time for verifying is l*t_f.

Key generation
Using OWF, denote f.

Signature
If m[i] = 1, xi' will be part of S. Else if m[i] = 0, xi will be part of S. The signature would be the same length as the message, and define it as length l. The time for signing would be the speed your computer identify 0 and 1 in the message and pick out corresponding xn or xn' in SK.

Verification
Given m, see which of the random numbers should be part of S. Check that those random numbers are correct by apply f and comparing with the value in PK.
Define the time to compute a one-way hash function to be t_f. The time for verifying is l*t_f.

Key generation
Using OWF, denote f. The time for signing would be the speed your computer identify 0 and 1 in m||Z(m) and pick out corresponding xn in SK.

Verification
Given m, see which of the random numbers should be part of S. Check that those random numbers are correct by apply f and comparing with the value in PK.
Define the time to compute a one-way hash function to be t_f. The time for verifying is l*t_f.

Lamport one-time digital signature schema conclusion
In the above case, 'The first Attempt' is the simplest scheme, but it is insecure since any one can sign another message with a known signature; the second one is secure, but it can be only used once, and the key would be too long; the third one is most recommended in this case, for it is not only safe, but also comparably short, but it also can only be used once. To sum up, the whole case is not ideal and efficient enough.

Batch signature schema
The concept of batch signing multiple digital signatures is to find a method by which multiple digital signatures can be signed simultaneously in a lower time complexity than separately signing all the signatures.
In the below case, define the length of S to be l, and since the verifying time of S is comparably small to the hashing process, we just ignore it in the following calculation. And we define the time used to calculate a hash function as t_h, the length of the hash function as l_h.
The length of each signature would be (k-1)m+l. The time for signing would be 1*t_h.
The time for verifying is 1*t_h.

Signature
Sign The time for signing would be 3*t_h.
The time for verifying is 2*t_h.
The time for verifying is 2*t_h.

Batch signature schema conclusion
In the above case, all of the attempts are secure. However, the second and the third ones are more preferable due to their shorter signature on each message. The second and the third one is essentially based on the same idea, but the third one divides all of the messages into more parts which can make the signature much shorter.

N-ary tree schema
In this case define the length of S to be l again, and since the verifying time of S is comparably small to the hashing process, we just ignore it in the following calculation. And we define the time used to calculate a hash function as t_h, the length of the hash function as l_h.

Key generation
Assume that k is a power of 2 = 2^m.

Key generation
Assume that k is a power of 3 = 3^m.

Signature
The length of the signature would be m + l_h*2*logk(base 3) +l.

Key generation
Assume that k is a power of 5 = 5^m.

N-ary trees schema conclusion
From the Table1 we can know that for the schemes in this category, the more messages you decide to divide each time, the faster you are able to sign and verify the whole bunch of messages.

Conclusion
We have proposed the generalized Lamport one-time signature schema which saves storage space, and batch signature with n-ary trees signature. It is summarized that each schema with detailed mathematical explanations and analysis of its advantages and defects. We expect that the attempted and improved schemas can be used to build more operative signature schemas.