Abstract
Ong-Schnorr identification and signatures are variants of the Fiat-Shamir scheme with short and fast communication and signatures. This scheme uses secret keys that are 2^t-roots modulo N of the public keys, whereas Fiat-Shamir uses square roots modulo N. Security for particular cases has recently been proved by Micali [M94] and Shoup [Sh96].
We prove that identification and signatures are secure for arbitrary moduli N = pq unless N can easily be factored. The proven security of identification against active impersonation attacks depends on the maximal 2-power 2^m that divides either p − 1 or q − 1. We show that signatures are secure against adaptive chosen-message attacks. This proves the security of a very efficient signature scheme.
References
M. Bellare and P. Rogaway. Random oracles are practical: a paradigm for designing efficient protocols. Proceedings of the 1st ACM Conference on Computer Communication Security, pages 62–73, 1993.
Y. Desmedt, C. Goutier, and S. Bengio. Special uses and abuses of the Fiat-Shamir passport protocol. Proceedings CRYPTO’87, Springer LNCS 293: pages 21–39, 1988.
A. Fiat and A. Shamir. How to prove yourself: Practical Solution to Identification and Signature Problems. Proceedings of CRYPTO’86, Springer LNCS 263: pages 186–194, 1986.
U. Feige, A. Fiat, and A. Shamir. Zero-knowledge proofs of identity. J. Cryptology, 1: pages 77–94, 1988.
U. Feige and A. Shamir. Witness indistinguishable and witness hiding protocols. Proceedings 22nd STOC, pages 416–426, 1990.
M. Girault and J. Stern. On the length of cryptographic hash-values used in identification schemes. Proceedings of CRYPTO’94, Springer LNCS 839: pages 202–215, 1994.
S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interactive proof systems. SIAM J. Comput., 18: pages 186–208, 1989.
S. Goldwasser, S. Micali, and R. Rivest. A digital signature secure against adaptive chosen-message attacks. SIAM J. Comput., 17: pages 281–308, 1988.
L. Guillou and J. Quisquater. A practical zero-knowledge protocol fitted to security microprocessors minimizing both transmission and memory. Proceedings of Eurocrypt’88, Springer LNCS 330: pages 123–128, 1988.
S. Micali. A secure and efficient digital signature algorithm. Technical Report, MIT/LCS/TM-501, 1994.
S. Micali and A. Shamir. An improvement of the Fiat-Shamir Identification Scheme. Proceedings CRYPTO’88, Springer LNCS 403: pages 244–247, 1990.
T. Okamoto. Provably secure and practical identification schemes and corresponding signature schemes. Proceedings of CRYPTO’92, Springer LNCS 740: pages 31–53, 1992.
H. Ong and C.P. Schnorr. Fast signature generation with a Fiat Shamir-like scheme. Proceedings of Eurocrypt’90, Springer LNCS 473: pages 432–440, 1990.
D. Pointcheval and J. Stern. Security proofs for signatures. Proceedings Eurocrypt’96, Springer LNCS 1070: pages 387–398, 1996.
C.P. Schnorr. Efficient signature generation by smart cards. J. Cryptology, 4: pages 161–174, 1991.
V. Shoup. On the security of a practical identification scheme. Proceedings of Eurocrypt’96, Springer LNCS 1070: pages 340–353, 1996.
Copyright information
© 1996 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Schnorr, C.P. (1996). Security of 2^t-Root Identification and Signatures. In: Koblitz, N. (eds) Advances in Cryptology — CRYPTO ’96. CRYPTO 1996. Lecture Notes in Computer Science, vol 1109. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-68697-5_12
DOI: https://doi.org/10.1007/3-540-68697-5_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61512-5
Online ISBN: 978-3-540-68697-2
eBook Packages: Springer Book Archive