Two Remarks Concerning the Goldwasser-Micali-Rivest Signature Scheme
نویسنده
چکیده
The focus of this note is the Goldwasser-Micali-Rivest Signature Scheme (presented in the 25th POCS, 1984). The GMR scheme has the salient property that, unless factoring is easy, it is infeasible to forge any signature even through an adaptive chosen message attack. We present two technical contributions with respect to the GMR scheme: 1) The GMR scheme can be made totally \memoryless": That is, the signature generated by the signer on message M does not depend on the previous signed messages. (In the original scheme, the signature to a message depends on the number of messages signed before.) 2) The GMR scheme can be implemented almost as eeciently as the RSA: The original implementation of the GMR scheme based on factoring, can be speeded-up by a factor of jNj. Thus, both signing and verifying take time O(jNj 3 log 2 jNj).
منابع مشابه
A Digital Signature Scheme Secure Against Adaptive Chosen - Message Attacks * ( Revision March 23 , 1995 )
Shafi Goldwasser∗∗ Silvio Micali∗∗ Ronald L. Rivest ∗∗ Abstract We present a digital signature scheme based on the computational difficulty of integer factorization. The scheme possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice (where each message may be chosen in a way that depends on the signa...
متن کاملA Provably Secure and Practical Signature Scheme for Smart Cards
By ”secure”, we mean that some well-defined computational assumption can be shown to be sufficient for the scheme not to be existentially forgeable, even under an adaptive chosen message attack. Most, if not all, signature schemes used in practice are based on a computational assumption that is certainly necessary for this kind of security, not known to be sufficient. Since the work of Goldwass...
متن کاملEfficient Transformation of Well Known Signature Schemes into Designated Confirmer Signature schemes
Since designated confirmer signature schemes were introduced by Chaum and formalized by Okamoto, a number of attempts have been made to design efficient and secure designated confirmer signature schemes. Yet, there has been a consistent gap in security claims and analysis between all generic theoretical proposals and any concrete implementation proposal one can envision using in practice. In th...
متن کاملA Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks
We present a digital signature scheme based on the computational difficulty of integer factorization. The scheme possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice (where each message may be chosen in a way that depends on the signatures of previously chosen messages) cannot later forge the sign...
متن کاملLecture 13 - Digital Signatures
Definition of digital signatures. Recall that we had the following picture: Private Key Public Key Secrecy Private Key Encryption Public key Encryption Integrity Message Authentication Codes (MAC) ?? Digital signatures complete this picture by giving a public key analog of message authentication codes. Digital signatures were suggested by Diffie and Hellman in their seminal paper, but unlike th...
متن کامل