Abstract
We investigate the problem of signing short messages using a scheme that minimizes the total length of the original message and the appended signature. This line of research was motivated by several postal services interested by stamping machines capable of producing digital signatures. Although several message recovery schemes exist, their security is questionable. This paper proposes variants of DSA and ECDSA allowing partial recovery: the signature is appended to a truncated message and the discarded bytes are recovered by the verification algorithm. Still, the signature authenticates the whole message. Our scheme has some form of provable security, based on the random oracle model. Using further optimizations we can lower the scheme’s overhead to 26 bytes for a 2-80 security level, compared to forty bytes for DSA or ECDSA and 128 bytes 1024-bit RSA.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
M. Abe and T. Okamoto, A signature scheme with message recovery as secure as discrete logarrithms, Proceedings of asiacrypt’99, LNCS, Springer-Verlag, to appear, 1999.
M. Bcllarc and P. Rogaway, Random oracles arc practical: a paradigm for designing efficient protocols, Proceedings of the 1-st ACM conference on communications and computer security, pp. 62–73. 1993.
M. Bellare and P. Rogaway, The exact security of digital signatures-How-to sign with RSA and Rabin, Proceedings of eurocrypt’96, LNCS 950, Springer-Verlag, pp. 399–416, 1996.
D. Coppersmith, S. Halevi and C. Jutla, ISO 9796-1 and the new forgery strategy., manuscript, July 28, 1999.
J.-S. Coron. D. Naccache and, T.P. Stern, On the security of RSA padding, Proceedings of crypto’99, LNCS 1666, Springer-Vcrlag, pp. 1–18, 1999.
IEEE P1363 Draft, Standard specifications for public key cryptography, (available from http://grouper.ieee.org/groups/1363/index.html), 1998.
ISO/IEC 9796-2, Information technology, Security techniques, Digital signature scheme giving message recovery, Part 2: Mechanisms using a hash-function, 1997.
V.I. Nechaev, Complexity of a determinate algorithm for the discrete logarithm. Mathematical Notes, 55(2), pp. 165–172, 1994. Translated from Matematicheskie Zametki 55(2), pp. 91-101, 1994.
National Institute of Standards and Technology, Secure hash standard, FIPS publication 180-1, April 1994.
K. Nyberg and R. Rueppel, A new signature scheme based on the DSA, giving message recovery, Proceedings of the 1-st ACM conference on communications and computer security, pp. 58–61, 1993.
D. Pointcheval and J. Stern, Security proofs for signature schemes. Proceedings of euhochypt’96, LNCS 950, Springer-Verlag, pp. 387–398, 1996.
V. Shoup, Lower bounds for discrete logarithms and related problems. Proceedings of eurocrypt’97, LNCS 1233, Springer-Verlag, pp. 256–266, 1997.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Naccache, D., Stern, J. (2001). Signing on a Postcard. In: Frankel, Y. (eds) Financial Cryptography. FC 2000. Lecture Notes in Computer Science, vol 1962. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45472-1_9
Download citation
DOI: https://doi.org/10.1007/3-540-45472-1_9
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42700-1
Online ISBN: 978-3-540-45472-4
eBook Packages: Springer Book Archive