Proving a Forged Signature — The Fail-stop Signature Method
I did a pre-interview with the mighty Torben P Pedersen (famous for the Pedersen Commitment) [here], and will be following up with a full interview, soon. Torben has contributed so much to cryptography of the decades, so let’s take a look at his work on fail-stop signatures:
At the time, Torben was at Aarhus University in Denmark, and Engene at CWI in Amsterdam [here]. With the fail-stop signature, a forgery can be detected, and then the signing mechanism no longer used. We have various properties for this:
- If Alice has signed a message, Bob should be able to accept it.
- Eve cannot forge the signature, without going costly work.
- If Eve manages to create a forgery, Alice can prove with a proof-of-sorgery.
- Alice cannot produce a signature which at a future time will be marked as a forgery.
So, how do you detect a forger? Well, get them to do something that is valid, but to become valid, there’s a few different options that the forger could use to make the fake. If there are lots of options to select from, the forger is unlikely to pick the right one…
