Digital signature for Diff ie-Hellman public keys without using a one-way function

Introduction: A one-way function is needed in any digital signature scheme. Without using a secure one-way function, a digital signature can be easily forged [l, 21. There are some well-known oneway hash functions, such as the MD4, MD5, SHA, etc. There exists a major difference of security assumptions between digital signature schemes and one-way functions. The security assumptions of most signature schemes are based on some well-known computational problems, such as the discrete logarithm problem, the factoring problem, etc. However, the security of most one-way hash functions is based on the complexity of analysing an iterated simple function. Since most computational problems are wellknown and easy to understand, the security of most signature schemes can withstand quite a long period of time. However, a one-way function may seem very difficult to analyse at the beginning; but it may turn out to be vulnerable to some special attacks later. Thus, in general, the lifetime of one-way functions is shorter than that of signature schemes. For example, recent advancement of cryptanalysis research has found that MD5 is ‘at the edge’ of risking successful cryptanalytic attack [3]. There are two motivations of proposing signature schemes without using a one-way function. First, instead of relying overall security on the weaker assumption between the signature scheme and the one-way function, the security of our proposed schemes is based on the discrete logarithm problem. Secondly, the overall security can be easily understood and analysed. Diffie and Hellman [4] proposed the well-known public-key distribution scheme based on the discrete logarithm problem in 1976 to enable two parties to establish a common secret session key based on their exchanged public keys. But their original scheme can only share one common secret key and did not provide authentication for the exchanged public keys. Since them, several key exchange protocols [5, 61 to allow two parties to share multiple secret session keys have been proposed based on the DiffieHellman public-key technique. In general, these protocols utilise a digital signature for each distributed public key to provide authentication. Since Diffie-Hellman’s public key is obtained by computing an exponential function over GFb) and the exponential function itself is a well-known one-way function, we propose signature schemes without using any additional one-way function for signing Diffie-Hellman public keys. In addition, since the DiffieHellman public key is a random number, our proposed schemes are not suitable for signing any given message.