{"has_accepted_license":"1","abstract":[{"lang":"eng","text":"In a digital signature scheme with message recovery, rather than transmitting the message m and its signature σ, a single enhanced signature τ is transmitted. The verifier is able to recover m from τ and at the same time verify its authenticity. The two most important parameters of such a scheme are its security and overhead |τ| − |m|. A simple argument shows that for any scheme with “n bits security” |τ| − |m| ≥ n, i.e., the overhead is lower bounded by the security parameter n. Currently, the best known constructions in the random oracle model are far from this lower bound requiring an overhead of n + logq h , where q h is the number of queries to the random oracle. In this paper we give a construction which basically matches the n bit lower bound. We propose a simple digital signature scheme with n + o(logq h ) bits overhead, where q h denotes the number of random oracle queries.\r\n\r\nOur construction works in two steps. First, we propose a signature scheme with message recovery having optimal overhead in a new ideal model, the random invertible function model. Second, we show that a four-round Feistel network with random oracles as round functions is tightly “public-indifferentiable” from a random invertible function. At the core of our indifferentiability proof is an almost tight upper bound for the expected number of edges of the densest “small” subgraph of a random Cayley graph, which may be of independent interest.\r\n"}],"language":[{"iso":"eng"}],"date_updated":"2021-01-12T06:56:21Z","publisher":"Springer","author":[{"last_name":"Kiltz","first_name":"Eike","full_name":"Kiltz, Eike"},{"id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","full_name":"Pietrzak, Krzysztof Z","first_name":"Krzysztof Z","last_name":"Pietrzak","orcid":"0000-0002-9139-1654"},{"first_name":"Mario","full_name":"Szegedy, Mario","last_name":"Szegedy"}],"scopus_import":1,"intvolume":"      8042","conference":{"end_date":"2013-08-22","name":"CRYPTO: International Cryptology Conference","start_date":"2013-08-18","location":"Santa Barbara, CA, United States"},"department":[{"_id":"KrPi"}],"doi":"10.1007/978-3-642-40041-4_31","_id":"2258","alternative_title":["LNCS"],"ddc":["000","004"],"series_title":"Lecture Notes in Computer Science","date_created":"2018-12-11T11:56:37Z","file_date_updated":"2020-07-14T12:45:35Z","citation":{"ista":"Kiltz E, Pietrzak KZ, Szegedy M. 2013. Digital signatures with minimal overhead from indifferentiable random invertible functions. 8042, 571–588.","ieee":"E. Kiltz, K. Z. Pietrzak, and M. Szegedy, “Digital signatures with minimal overhead from indifferentiable random invertible functions,” vol. 8042. Springer, pp. 571–588, 2013.","mla":"Kiltz, Eike, et al. <i>Digital Signatures with Minimal Overhead from Indifferentiable Random Invertible Functions</i>. Vol. 8042, Springer, 2013, pp. 571–88, doi:<a href=\"https://doi.org/10.1007/978-3-642-40041-4_31\">10.1007/978-3-642-40041-4_31</a>.","ama":"Kiltz E, Pietrzak KZ, Szegedy M. Digital signatures with minimal overhead from indifferentiable random invertible functions. 2013;8042:571-588. doi:<a href=\"https://doi.org/10.1007/978-3-642-40041-4_31\">10.1007/978-3-642-40041-4_31</a>","short":"E. Kiltz, K.Z. Pietrzak, M. Szegedy, 8042 (2013) 571–588.","chicago":"Kiltz, Eike, Krzysztof Z Pietrzak, and Mario Szegedy. “Digital Signatures with Minimal Overhead from Indifferentiable Random Invertible Functions.” Lecture Notes in Computer Science. Springer, 2013. <a href=\"https://doi.org/10.1007/978-3-642-40041-4_31\">https://doi.org/10.1007/978-3-642-40041-4_31</a>.","apa":"Kiltz, E., Pietrzak, K. Z., &#38; Szegedy, M. (2013). Digital signatures with minimal overhead from indifferentiable random invertible functions. Presented at the CRYPTO: International Cryptology Conference, Santa Barbara, CA, United States: Springer. <a href=\"https://doi.org/10.1007/978-3-642-40041-4_31\">https://doi.org/10.1007/978-3-642-40041-4_31</a>"},"status":"public","day":"01","oa":1,"ec_funded":1,"quality_controlled":"1","year":"2013","publication_status":"published","title":"Digital signatures with minimal overhead from indifferentiable random invertible functions","publist_id":"4688","page":"571 - 588","volume":8042,"oa_version":"Submitted Version","month":"01","project":[{"name":"Provable Security for Physical Cryptography","call_identifier":"FP7","_id":"258C570E-B435-11E9-9278-68D0E5697425","grant_number":"259668"}],"file":[{"file_id":"4744","creator":"system","file_size":493175,"file_name":"IST-2016-685-v1+1_658.pdf","date_updated":"2020-07-14T12:45:35Z","checksum":"18a3f602cb41de184dc0e16a0e907633","relation":"main_file","date_created":"2018-12-12T10:09:20Z","access_level":"open_access","content_type":"application/pdf"}],"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","type":"conference","pubrep_id":"685","date_published":"2013-01-01T00:00:00Z"}