Abstract
At Financial Cryptography 02, Okamoto, Tada, and Miyaji [8] proposed a new fast signature scheme of the Schnorr/DSS family, without on-line multiplication. Following earlier proposals [5, 10, 11], the part of the data that is independent of the message to sign is generated at a preprocessing stage, while the computing effort needed to complete the signature "on the fly" is dramatically reduced. Whereas the so-called GPS scheme from [5, 10] and its variant from [11] avoid modular operations by computing over the integers, thus reducing the workload to one (regular) multiplication, the new scheme simply gives up multiplication at the cost of bringing back a single modular reduction with respect to a 160-bit integer. Thus the scheme might appear to achieve better performance. Unfortunately, due to a concealed design weakness, the scheme in [8] is insecure with the proposed parameters. The present paper shows a devastating attack against the scheme, forging a signature in ≃ 2^25 operations. The scheme can be rescued in a rather straightforward way by significantly raising the parameters, but this degrades its performance, which then no longer compares favourably with [10]. Instead, we suggest replacing modular reduction by another novel operation, which we call dovetailing. We argue that this operation can be performed so efficiently that it could allow for signing with a memory card rather than a smart card. This applies equally to GPS, but the new scheme is better than GPS in terms of signature size.
References
Bosselaers, A., Govaerts, R., Vandewalle, J.: Comparison of three modular reduction functions. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 175–186. Springer, Heidelberg (1994)
Feige, U., Fiat, A., Shamir, A.: Zero-Knowledge Proofs of Identity. J. Cryptology 1, 77–94 (1988)
Even, S., Goldreich, O., Micali, S.: Online/Offline Digital Signatures. Journal of Cryptology 9, 35–67 (1996)
Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 181–187. Springer, Heidelberg (1987)
Girault, M.: Self-certified Public Keys. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 490–497. Springer, Heidelberg (1991)
Guillou, L.S., Quisquater, J.-J.: A practical zero-knowledge protocol fitted to security microprocessors minimizing both transmission and memory. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 123–128. Springer, Heidelberg (1989)
Lygeros, N., Mizony, M., Zimmermann, P.: A new ECM record with 54 digits, http://www.desargues.univ-lyon1.fr/home/lygeros/Mensa/ecm54.html
Okamoto, T., Tada, M., Miyaji, A.: An Improved Fast Signature Scheme without on-line Multiplication. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357. Springer, Heidelberg (2003)
Pollard, J.: Monte Carlo methods for index computation mod p. Math. Comp. 32, 918–924 (1978)
Poupard, G., Stern, J.: Security Analysis of a Practical “on the fly” Authentication and Signature Generation. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 422–436. Springer, Heidelberg (1998)
Poupard, G., Stern, J.: On the fly Signatures based on Factoring. In: Proceedings of the 6th ACM Conference on Computer and Communications Security, pp. 48–57. ACM Press, New York (1999)
Schnorr, C.P.: Efficient Identification and Signatures for Smart Cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 235–251. Springer, Heidelberg (1990)
Schnorr, C.P.: Efficient Signature Generation by Smart Cards. Journal of Cryptology 4, 161–174 (1991)
Shamir, A., Tauman, Y.: Improved Online/Offline Signatures Schemes. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 355–367. Springer, Heidelberg (2001)
© 2003 Springer-Verlag Berlin Heidelberg
Stern, J., Stern, J.P. (2003). Cryptanalysis of the OTM Signature Scheme from FC’02. In: Wright, R.N. (eds) Financial Cryptography. FC 2003. Lecture Notes in Computer Science, vol 2742. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45126-6_10
DOI: https://doi.org/10.1007/978-3-540-45126-6_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40663-1
Online ISBN: 978-3-540-45126-6