Can O.S.S. be Repaired? Proposal for a New Practical Signature Scheme

This paper describes a family of new Ong-Schnorr-ShamirFiat-Shamir like [1] identification and signature protocols designed to prevent forgers from using the Pollard-Schnorr attack [2]. Our first signature method takes advantage of the fact that although an attacker can generate valid OSS signatures (solutions {x, y} of x−ky ≡ m mod n), he has no control over the internal structure of x and y and in particular, if we restrict the solution space by adding extra conditions on x and y, it becomes very difficult to produce forged solutions that satisfy the new requirements. The second signature scheme (and its associated identification protocol) uses x, which is secret-free, as a commitment on which k will depend later. Therefore, the original quadratic equation is replaced by x − k(x)y ≡ m mod n where k(x) is a non-polynomial function of x and since the Pollard-Schnorr algorithm takes as input value k (to output x and y), it becomes impossible to feed à-priori k(x) which is output-dependent.