A message recovery signature scheme equivalent to DSA over elliptic curves

  • Conference paper
Advances in Cryptology — ASIACRYPT '96 (ASIACRYPT 1996)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1163)

Abstract

The ElGamal signature ([3]) is based on the difficulty of the discrete logarithm problem (DLP). Many variants of the ElGamal signature scheme have been proposed, such as the NIST Digital Signature Algorithm (DSA) ([10]) and a new signature with a message recovery feature ([12]). The message recovery feature has the advantage of a small signed message length, which is especially effective in applications such as identity-based public key systems ([4]) and key exchange protocols ([2]). However, its security is not widely accepted because only a few years have passed since the scheme was proposed. Even the relative security of the new message recovery scheme and already-existing schemes is scarcely known. In this paper, we give a strict definition of the concept of equivalence classes ([14]) between signature schemes. According to this definition, we discuss the security relation between signature schemes. The reason why the Bleichenbacher attack ([1]) works for ElGamal but not for DSA can also be explained well by this concept. We show that an elliptic curve gives a message recovery signature equivalent to DSA. Furthermore, we investigate the new attack over elliptic curves and present its new trapdoor generating algorithm. We also show that the trapdoor does not exist for a particular kind of elliptic curve.

References

  1. D. Bleichenbacher, “Generating ElGamal signatures without knowing the secret key” to appear in Advances in Cryptology-Proceedings of EUROCRYPT'96.

  2. W. Diffie and M. Hellman, “New directions in cryptography” IEEE Trans. Inform. Theory, Vol. IT-22 (1976), 644–654.

  3. T. ElGamal, “A public key cryptosystem and a signature scheme based on discrete logarithms”, IEEE Trans. Inform. Theory, Vol. IT-31 (1985), 469–472.

  4. C. G. Günther, “An identity-based key-exchange protocol”, Advances in Cryptology-Proceedings of Eurocrypt'89, Lecture Notes in Computer Science, 434(1990), Springer-Verlag, 29–37.

  5. G. Harper, A. Menezes and S. Vanstone, “Public-key cryptosystems with very small key lengths”, Advances in Cryptology-Proceedings of Eurocrypt '92, Lecture Notes in Computer Science, 658(1993), Springer-Verlag, 163–173.

  6. N. Koblitz, “Elliptic curve cryptosystems”, Mathematics of Computation, 48(1987), 203–209.

  7. V. S. Miller, “Use of elliptic curves in cryptography”, Advances in Cryptology-Proceedings of Crypto'85, Lecture Notes in Computer Science, 218(1986), Springer-Verlag, 417–426.

  8. A. Miyaji, “On ordinary elliptic curves”, Advances in Cryptology-Proceedings of ASIACRYPT'91, Lecture Notes in Computer Science, 739(1993), Springer-Verlag, 460–469.

  9. A. Miyaji, “Elliptic curve over F_p suitable for cryptosystems”, Advances in Cryptology-Proceedings of AUSCRYPT'92, Lecture Notes in Computer Science, 718(1993), Springer-Verlag, 479–491.

  10. “Proposed federal information processing standard for digital signature standard (DSS)”, Federal Register, v. 56, n. 169, 30 Aug 1991, 42980–42982.

  11. A. Menezes, T. Okamoto and S. Vanstone, “Reducing elliptic curve logarithms to logarithms in a finite field”, Proceedings of the 22nd Annual ACM Symposium on the Theory of Computing, 80–89, 1991.

  12. K. Nyberg and R. A. Rueppel, “A new signature scheme based on the DSA giving message recovery”, Proceedings of 1st ACM Conference on Computer and Communications Security, 1993.

  13. K. Nyberg and R. A. Rueppel, “Message recovery for signature schemes based on the discrete logarithm problem”, Advances in Cryptology-Proceedings of Eurocrypt'94, Lecture Notes in Computer Science, 950(1995), Springer-Verlag, 182–193.

  14. K. Nyberg and R. A. Rueppel, “Message recovery for signature schemes based on the discrete logarithm problem”, Designs Codes and Cryptography, 7(1996), 61–81.

  15. R. Rivest, A. Shamir and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems”, Communications of the ACM, vol.21, No.2(1978), 120–126.

  16. K. Sakurai and H. Shizuya, “Relationships among the computational powers of breaking Discrete Log cryptosystems”, Advances in Cryptology-Proceedings of Eurocrypt'95, Lecture Notes in Computer Science, 921(1995), Springer-Verlag, 341–355.

  17. C. P. Schnorr, “Efficient identification and signatures for smart cards”, Advances in Cryptology-Proceedings of Crypto'89, Lecture Notes in Computer Science, 435(1989), Springer-Verlag, 239–252.

  18. J. H. Silverman, The Arithmetic of Elliptic Curves, GTM106, Springer-Verlag, New York, 1986.

  19. A. Shamir, R. Rivest and L. Adleman, “Mental Poker”, MIT/LCS, TM-125, (Feb. 1979).

Editor information

Kwangjo Kim, Tsutomu Matsumoto

Copyright information

© 1996 Springer-Verlag

About this paper

Cite this paper

Miyaji, A. (1996). A message recovery signature scheme equivalent to DSA over elliptic curves. In: Kim, K., Matsumoto, T. (eds) Advances in Cryptology — ASIACRYPT '96. ASIACRYPT 1996. Lecture Notes in Computer Science, vol 1163. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0034830

  • DOI: https://doi.org/10.1007/BFb0034830

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-61872-0

  • Online ISBN: 978-3-540-70707-3

  • eBook Packages: Springer Book Archive
