GOST 34.10 - A brief overview of Russia's DSA

GOST 34.10 is Russia's DSA. Like its US counterpart, GOST is an ElGamal-like signature scheme used in Schnorr mode. It is similar to NIST DSA in many aspects. In this paper we will overview GOST 34.10 and discuss the three main differences between the two algorithms, (i) GOST's principal design criterion does not seem to be computational efficiency: the algorithm is 1.6 times slower than the DSA and produces 512-bit signatures. This is mainly due to the usage of the modulus q which is at least 254 bits long. During verification, modular inverses are computed by exponentiation (while the Extended Euclidian algorithm is roughly 100 times faster for this parameter size) and the generation of the public parameters is much more complicated than in the DSA. This choice of the parameters makes GOST 34.10 very secure. (ii) GOST signers do not have to generate modular inverses as the basic signature equation is s = xr + mk (mod q) instead of s = (m + xr)k (mod q). (iii) GOST's hash function (the Russian equivalent of the SHA) is the standard GOST 34.11 which uses the block cipher GOST 28147 (partially classified) as a building block. The hash function will be briefly described. Copyright

[1]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[2]  Holger Petersen,et al.  Meta-Multisignature schemes based on the discrete logarithm problem , 1995 .

[3]  Chris Charnes,et al.  Further Comments on the Soviet Encryption Algorithm , 1994 .

[4]  Patrick Horster,et al.  Meta-Message Recovery and Meta-Blind Signature Schemes Based on the Discrete Logarithm Problem and Their Applications , 1994, ASIACRYPT.

[5]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[6]  Sung-Ming Yen,et al.  The Fast Cascade Exponentation Algorithm and its Applications on Cryptography , 1992, AUSCRYPT.

[7]  Claus-Peter Schnorr E cient Identi cation and Signatures for Smart-Cards , 1990, CRYPTO 1990.

[8]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[9]  Rainer A. Rueppel,et al.  Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem , 1994, EUROCRYPT.

[10]  Daniel Bleichenbacher,et al.  Generating EIGamal Signatures Without Knowing the Secret Key , 1996, EUROCRYPT.

[11]  Serge Vaudenay,et al.  Hidden Collisions on DSS , 1996, CRYPTO.

[12]  Jean-Jacques Quisquater,et al.  Precautions Taken Against Various Potential Attacks in ISO/IEC DIS 9796 "Digital Signature Scheme Giving Message Recovery" , 1990, EUROCRYPT.

[13]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[14]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[15]  Rainer A. Rueppel,et al.  Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem , 1996, Des. Codes Cryptogr..