A Message Recovery Signature Scheme Equivalent to DSA over Elliptic Curves

The ElGamal signature([3]) is based on the difficulty of the discrete logarithm problem(DLP). For the ElGamal signature scheme, many variants like the NIST Digital Signature Algorithm(DSA)([10]) and a new signature with a message recovery feature([12]) are proposed. The message recovery feature has the advantage of small signed message length, which is effective especially in applications like identity-based public key system([4]) and the key exchange protocol([2]). However, its security is not widely accepted because it has been only a few years since the scheme was proposed. Even the relative security between the new message recovery scheme and already-existing schemes is scarcely known. In this paper, we make a strict definition of the conception of equivalent classes([14]) between signature schemes. According to this definition, we discuss the security relation between signature schemes. The reason why the Bleichenbacher-attack([1]) works for ElGamal but not for DSA can be also explained well by the conception. We show that an elliptic curve gives the message recovery signature equivalent to DSA. Furthermore we investigate the new attack over elliptic curves and present its new trapdoor generating algorithm. We also show that the trapdoor does not exist in the particular kind of elliptic curves.

[1]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[2]  Rainer A. Rueppel,et al.  Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem , 1996, Des. Codes Cryptogr..

[3]  Kouichi Sakurai,et al.  Relationships Among the Computational Powers of Breaking Discrete Log Cryptosystems , 1995, EUROCRYPT.

[4]  Rainer A. Rueppel,et al.  Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem , 1994, EUROCRYPT.

[5]  Atsuko Miyaji,et al.  Elliptic Curves over Fp Suitable for Cryptosystems , 1992, AUSCRYPT.

[6]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[7]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[8]  Christoph G. Günther,et al.  An Identity-Based Key-Exchange Protocol , 1990, EUROCRYPT.

[9]  Rainer A. Rueppel,et al.  A new signature scheme based on the DSA giving message recovery , 1993, CCS '93.

[10]  Alfred Menezes,et al.  Public-Key Cryptosystems with Very Small Key Length , 1992, EUROCRYPT.

[11]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[12]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[13]  Atsuko Miyaji,et al.  On Ordinary Elliptic Curve Cryptosystems , 1991, ASIACRYPT.

[14]  Daniel Bleichenbacher,et al.  Generating EIGamal Signatures Without Knowing the Secret Key , 1996, EUROCRYPT.

[15]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[16]  Alfred Menezes,et al.  Reducing elliptic curve logarithms to logarithms in a finite field , 1991, STOC '91.