PECDSA. How to build a DL-based digital signature scheme with the best proven security

Many variants of the ElGamal signature scheme have been proposed. The most famous is the DSA standard. If computing discrete logarithms is hard, then some of these schemes have been proven secure in an idealized model, either the random oracle or the generic group. We propose a generic but simple presentation of signature schemes with security based on the discrete logarithm. We show how they can be proven secure in idealized model, under which conditions. We conclude that none of the previously proposed digital signature schemes has optimal properties and we propose a scheme named PECDSA.

[1]  Daniel Bleichenbacher,et al.  Generating EIGamal Signatures Without Knowing the Secret Key , 1996, EUROCRYPT.

[2]  Donald Byron Johnson,et al.  Formal Security Proofs for a Signature Scheme with Partial Message Recovery , 2001, CT-RSA.

[3]  Rainer A. Rueppel,et al.  Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem , 1994, EUROCRYPT.

[4]  Louis Granboulan How to Repair ESIGN , 2002, SCN.

[5]  Igor E. Shparlinski,et al.  The Insecurity of the Elliptic Curve Digital Signature Algorithm with Partially Known Nonces , 2003, Des. Codes Cryptogr..

[6]  David Naccache,et al.  GOST 34.10 - A brief overview of Russia's DSA , 1996, Comput. Secur..

[7]  Daniel R. L. Brown Generic Groups, Collision Resistance, and ECDSA , 2002, Des. Codes Cryptogr..

[8]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[9]  Rainer A. Rueppel,et al.  A new signature scheme based on the DSA giving message recovery , 1993, CCS '93.

[10]  Victor Shoup,et al.  Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[11]  M. Michels,et al.  Meta Signature Schemes Giving Message Recovery Based on the Discrete Logarithm Problem , 1994 .

[12]  이필중 Security Proof for KCDSA jnder the Random Oracle Model , 1999 .

[13]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[14]  Toms Rosa On Key-collisions in (EC)DSA Schemes , 2002 .

[15]  Atsuko Miyaji A Message Recovery Signature Scheme Equivalent to DSA over Elliptic Curves , 1996, ASIACRYPT.

[16]  Igor E. Shparlinski,et al.  The Insecurity of the Digital Signature Algorithm with Partially Known Nonces , 2002, Journal of Cryptology.

[17]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[18]  Tatsuaki Okamoto,et al.  A Signature Scheme with Message Recovery as Secure as Discrete Logarithm , 1999, ASIACRYPT.

[19]  Ernest F. Brickell,et al.  Design Validations for Discrete Logarithm Based Signature Schemes , 2000, Public Key Cryptography.

[20]  Mihir Bellare,et al.  The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin , 1996, EUROCRYPT.

[21]  Ueli Maurer,et al.  Non-interactive Public-Key Cryptography , 1991, EUROCRYPT.

[22]  Serge Vaudenay,et al.  Hidden Collisions on DSS , 1996, CRYPTO.

[23]  Nigel P. Smart,et al.  Modifications of ECDSA , 2002, Selected Areas in Cryptography.

[24]  Jacques Stern,et al.  Flaws in Applying Proof Methodologies to Signature Schemes , 2002, CRYPTO.

[25]  Scott A. Vanstone,et al.  Postal Revenue Collection in the Digital Age , 2000, Financial Cryptography.

[26]  Chae Hoon Lim,et al.  The Korean certificate-based digital signature algorithm , 1999 .

[27]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[28]  Ueli Maurer,et al.  A Non-interactive Public-Key Distribution System , 1996, Des. Codes Cryptogr..

[29]  Patrick Horster,et al.  Meta-Message Recovery and Meta-Blind Signature Schemes Based on the Discrete Logarithm Problem and Their Applications , 1994, ASIACRYPT.

[30]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[31]  Patrick Horster,et al.  Meta-ElGamal signature schemes , 1994, CCS '94.

[32]  Jacques Stern,et al.  Signing on a Postcard , 2000, Financial Cryptography.

[33]  Alexander W. Dent,et al.  Adapting the Weaknesses of the Random Oracle Model to the Generic Group Model , 2002, ASIACRYPT.