Abstract
A number of signature schemes and standards have been recently designed, based on the Discrete Logarithm problem. In this paper we conduct design validation of such schemes while trying to minimize the use of ideal hash functions. We consider several Discrete Logarithm (DSA-like) signatures abstracted as generic schemes. We show that the following holds: “if the schemes can be broken by an existential forgery using an adaptively chosen-message attack then either the discrete logarithm problem can be solved, or some hash function can be distinguished from an ideal one, or multi-collisions can be found.” Thus, for these signature schemes, either they are equivalent to the discrete logarithm problem or there is an attack that takes advantage of properties which are not desired (or expected) in strong practical hash functions (SHA-1 or whichever high quality cryptographic hash function is used). What is interesting is that the schemes we discuss include KCDSA and slight variations of DSA.
Further, since our schemes coincide with (or are extremely close to) their standard counterparts they benefit from their desired properties: efficiency of computation/space, employment of certain mathematical operations and wide applicability to various algebraic structures. We feel that adding variants with strong validation of security is important to this family of signature schemes since, as we have experienced in the recent past, lack of such validation has led to attacks on standard schemes, years after their introduction. In addition, schemes with formal validation which is made public, may ease global standardization since they neutralize much of the suspicions regarding potential knowledge gaps and unfair advantages gained by the scheme designer’s country (e.g. the NSA being the designers of DSA).
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Anderson, R., Vaudenay, S.: Minding your p’s and q’s. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 26–35. Springer, Heidelberg (1996)
Bellare, M., Rogaway, P.: Random Oracles Are Practical: a Paradigm for Designing Efficient Protocols. In: Proc. of the 1st CCCS, pp. 62–73. ACM Press, New York (1993)
Bellare, M., Rogaway, P.: Optimal Asymmetric Encryption – How to Encrypt with RSA. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995)
Bellare, M., Rogaway, P.: The Exact Security of Digital Signatures – How to Sign with RSA and Rabin. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996)
Bleichenbacher, D.: Generating El Gamal Signatures without Knowing the Secret Key. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 10–18. Springer, Heidelberg (1996)
Brands, S.A.: An Efficient Off-Line Electronic Cash SystemB ased on the Representation Problem. Technical Report CS-R9323, CWI, Amsterdam (1993)
Brickell, E.F.: Invited lecture given at the Crypto 1996 conference (unpublished) (manuscript) (1996)
Canetti, R., Goldreich, O., Halevi, S.: The Random Oracles Methodology, Revisited. In: Proc. of the 30th STOC, pp. 209–218. ACM Press, New York (1998)
Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory IT–22(6), 644–654 (1976)
El Gamal, T.: A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information Theory IT–31(4), 469–472 (1985)
Feige, U., Fiat, A., Shamir, A.: Zero-Knowledge Proofs of Identity. Journal of Cryptology 1, 77–95 (1988)
Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions of Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
Girault, M., Stern, J.: On the Length of Cryptographic Hash-Values used in Identification Schemes. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 202–215. Springer, Heidelberg (1994)
Goldwasser, S., Micali, S., Rivest, R.: A Paradoxical Solution to the Signature Problem. In: Proc. of the 25th FOCS, pp. 441–448. IEEE, New York (1984)
Goldwasser, S., Micali, S., Rivest, R.: A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks. SIAM Journal of Computing 17(2), 281–308 (1988)
ISO. ISO/IEC 14888 Final Draft – Information Technology – Security Techniques -Digital Signatures with Appendix. International Organization for Standardization, Berlin, Germany (1998)
KCDSA Task Force Team. The Korean Certificate-based Digital Signature Algorithm. IEEE P1363a Submission (August 1998), available from http://grouper.ieee.org/groups/1363/addendum.html
Lim, C.H., Lee, P.J.: A Study on the Proposed Korean Digital Signature Algorithm. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 175–186. Springer, Heidelberg (1998)
Naor, M., Yung, M.: Universal One-way Hash Functions and their Cryptographic Applications. In: Proceedings of 21st STOC (May 1989)
NIST. Digital Signature Standard (DSS). Federal Information Processing Standards Publication 186 (November 1994)
NIST. Secure Hash Standard (SHS). Federal Information Processing Standards Publication 180–1 (April 1995)
Ohta, K., Okamoto, T.: On Concrete Security Treatment of Signatures Derived from Identification. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 354–369. Springer, Heidelberg (1998)
Pointcheval, D., Stern, J.: Security Arguments for Digital Signatures and Blind Signatures. Journal of Cryptology (1999), available from http://www.di.ens.fr/~pointche
Pointcheval, D., Vaudenay, S.: On Provable Security for Digital Signature Algorithms. Technical Report LIENS-96-17, LIENS (October 1996)
Rivest, R.: The MD5 Message-Digest Algorithm. RFC 1321, The Internet Engineering Task Force (April 1992)
Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)
Rompel, J.: One-way Functions are Necessary and Sufficient for Signature. In: Proceedings of 22d STOC (May 1990)
Schnorr, C.P.: Efficient Identification and Signatures for Smart Cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 235–251. Springer, Heidelberg (1990)
Schnorr, C.P.: Efficient Signature Generation by Smart Cards. Journal of Cryptology 4(3), 161–174 (1991)
van Oorschot, P.C., Wiener, M.J.: On Diffie-Hellman Key Agreement with Short Exponents. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 332–343. Springer, Heidelberg (1996)
Vaudenay, S.: Hidden Collisions on DSS. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 83–88. Springer, Heidelberg (1996)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Brickell, E., Pointcheval, D., Vaudenay, S., Yung, M. (2000). Design Validations for Discrete Logarithm Based Signature Schemes. In: Imai, H., Zheng, Y. (eds) Public Key Cryptography. PKC 2000. Lecture Notes in Computer Science, vol 1751. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-46588-1_19
Download citation
DOI: https://doi.org/10.1007/978-3-540-46588-1_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66967-8
Online ISBN: 978-3-540-46588-1
eBook Packages: Springer Book Archive