Cryptanalysis of the OTM Signature Scheme from FC’02

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2742))

Abstract

At Financial Cryptography 02, Okamoto, Tada, and Miyaji [8] proposed a new fast signature scheme of the Schnorr/DSS family, without on-line multiplication. Following earlier proposals [5, 10, 11], the part of the data that is independent of the message to sign is generated at a preprocessing stage, so that the computing effort needed to complete the signature “on the fly” is dramatically reduced. Whereas the so-called GPS scheme from [5, 10] and its variant from [11] avoid modular operations by computing over the integers, thus reducing the on-line workload to one (regular) multiplication, the new scheme simply gives up multiplication at the cost of bringing back a single modular reduction with respect to a 160-bit integer. Thus, the scheme could appear to achieve better performance. Unfortunately, due to a concealed design weakness, the scheme in [8] is insecure with the proposed parameters. The present paper shows a devastating attack against the scheme, forging a signature in ≃ 2^25 operations. The scheme can be rescued in a rather straightforward way by significantly raising the parameters, but this degrades its performance, which then no longer compares favorably to [10]. Instead, we suggest replacing modular reduction by another novel operation, which we call dovetailing. We argue that this operation can be performed so efficiently that it could allow signing with a memory card rather than a smart card. This equally applies to GPS, but the new scheme is better than GPS in terms of signature size.


References

  1. Bosselaers, A., Govaerts, R., Vandewalle, J.: Comparison of three modular reduction functions. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 175–186. Springer, Heidelberg (1994)
  2. Feige, U., Fiat, A., Shamir, A.: Zero-Knowledge Proofs of Identity. Journal of Cryptology 1, 77–94 (1988)
  3. Even, S., Goldreich, O., Micali, S.: On-line/Off-line Digital Signatures. Journal of Cryptology 9, 35–67 (1996)
  4. Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 181–187. Springer, Heidelberg (1987)
  5. Girault, M.: Self-certified Public Keys. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 490–497. Springer, Heidelberg (1991)
  6. Guillou, L.S., Quisquater, J.-J.: A practical zero-knowledge protocol fitted to security microprocessors minimizing both transmission and memory. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 123–128. Springer, Heidelberg (1989)
  7. Lygeros, N., Mizony, M., Zimmermann, P.: A new ECM record with 54 digits. http://www.desargues.univ-lyon1.fr/home/lygeros/Mensa/ecm54.html
  8. Okamoto, T., Tada, M., Miyaji, A.: An Improved Fast Signature Scheme without on-line Multiplication. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357. Springer, Heidelberg (2003)
  9. Pollard, J.: Monte Carlo methods for index computation mod p. Mathematics of Computation 32, 918–924 (1978)
  10. Poupard, G., Stern, J.: Security Analysis of a Practical “on the fly” Authentication and Signature Generation. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 422–436. Springer, Heidelberg (1998)
  11. Poupard, G., Stern, J.: On the fly Signatures based on Factoring. In: Proceedings of the 6th ACM Conference on Computer and Communications Security, pp. 48–57. ACM Press, New York (1999)
  12. Schnorr, C.P.: Efficient Identification and Signatures for Smart Cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 235–251. Springer, Heidelberg (1990)
  13. Schnorr, C.P.: Efficient Signature Generation by Smart Cards. Journal of Cryptology 4, 161–174 (1991)
  14. Shamir, A., Tauman, Y.: Improved Online/Offline Signature Schemes. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 355–367. Springer, Heidelberg (2001)

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

Cite this paper

Stern, J., Stern, J.P. (2003). Cryptanalysis of the OTM Signature Scheme from FC’02. In: Wright, R.N. (eds) Financial Cryptography. FC 2003. Lecture Notes in Computer Science, vol 2742. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45126-6_10

  • DOI: https://doi.org/10.1007/978-3-540-45126-6_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40663-1

  • Online ISBN: 978-3-540-45126-6
