Message recovery for signature schemes based on the discrete logarithm problem
Rent the article at a discountRent now
* Final gross prices may vary according to local VAT.Get Access
The new signature scheme presented by the authors in  is the first signature scheme based on the discrete logarithm problem that gives message recovery. The purpose of this paper is to show that the message recovery feature is independent of the choice of the signature equation and that all ElGamal-type schemes have variants giving message recovery. For each of the six basic ElGamal-type signature equations five variants are presented with different properties regarding message recovery, length of commitment and strong equivalence. Moreover, the six basic signature schemes have different properties regarding security and implementation. It turns out that the scheme proposed in  is the only inversionless scheme whereas the message recovery variant of the DSA requires computing of inverses in both generation and verification of signatures. In general, message recovery variants can be given for ElGamal-type signature schemes over any group with large cyclic subgroup as the multiplicative group of GF(2 n ) or elliptic curve over a finite field.
The present paper also shows how to integrate the DLP-based message recovery schemes with secret session key establishment and ElGamal encryption. In particular, it is shown that with DLP-based schemes the same functionality as with RSA can be obtained. However, the schemes are not as elegant as RSA in the sense that the signature (verification) function cannot at the same time be used as the decipherment (encipherment) function.
G. B. Agnew, B. C. Mullin and S. A. Vanstone, Improved digital signature scheme based on discrete exponentation, Electronics Letters, Vol. 26, No. 14 (1990) pp. 1024–1025.
B. Arazi, Integrating a key distribution procedure into the digital signature standard, Electronics Letters, Vol. 29, No. 11 (1993) pp. 966–967.
C. Boyd, Comment: New digital signature scheme based on discrete logarithm, Electronics Letters, Vol. 30, No. 6 (1994) p. 480.
W. Diffie and M. Hellman, New directions in cryptography, IEEE Trans. Inform. Theory, Vol. IT-22, No. 6 (1976) pp. 644–654.
T. ElGamal, A public key cryptosystem and a signature scheme based on discrete logarithms, IEEE Trans. Inform. Theory, Vol. IT-31, No. 4 (1985) pp. 469–472.
FIPS PUB XX, Digital Signature Standard (1993).
C. G. Günther, Diffie-Hellman and ElGamal Protocols with One Single Authentication Key, Advances in Cryptology—Eurocrypt '89, Lecture Notes in Computer Science, Springer-Verlag, 434 (1990).
P. Horster and H. Petersen, Verallgemeinerte ElGamal-Signaturen, Proceedings der Fachtagung SIS '94 Verlag der Fachvereine, Zurich (1994).
P. Horster, M. Michels and H. Petersen, Authenticated encryption schemes with low communication costs, Electronics Letters, Vol. 30, No. 15 (1994).
ISO/IEC 9796, Information technology—Security techniques—Digital signature scheme giving message recovery.
N. Koblitz, A course in number theory and cryptography, Graduate Texts in Mathematics, Springer-Verlag (1988).
V. Miller, Use of elliptic curves in cryptography, Advances in Cryptography—Proceedings of Crypto '85, Lecture Notes in Computer Science, Springer-Verlag, 218 (1986) pp. 417–426.
K. Nyberg and R. A. Rueppel, A new signature scheme based on the DSA giving message recovery, 1st ACM Conference on Computer and Communications Security, Fairfax, Virginia (Nov. 3–5, 1993).
K. Nyberg and R. A. Rueppel, Weaknesses in some recent key agreement protocols, Electronics Letters, Vol. 30, No. 1 (1994) pp. 26–27.
K. Nyberg, Comment: New digital signature scheme based on discrete logarithm, Electronics Letters, Vol. 30, No. 6 (1994) p. 481.
J. -M. Piveteau, New signature scheme with message recovery, Electronics Letters, Vol. 29, No. 25 (1993) p. 2185.
C. P. Schnorr, Letter: Reply to the request of NIST for comments on the DSA (Oct. 30, 1991).
C. P. Schnorr, Efficient Signature Generation by Smart Cards, J. Cryptology, Vol. 4 (1991) pp. 161–174.
S.-M. Yen and C.-S. Laih, New digital signature scheme based on discrete logarithm, Electronics Letters, Vol. 29, No. 12 (1993) pp. 1120–1121.
- Message recovery for signature schemes based on the discrete logarithm problem
Designs, Codes and Cryptography
Volume 7, Issue 1-2 , pp 61-81
- Cover Date
- Print ISSN
- Online ISSN
- Kluwer Academic Publishers
- Additional Links
- Industry Sectors