Advertisement

Designs, Codes and Cryptography

, Volume 7, Issue 1–2, pp 61–81 | Cite as

Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem

  • Kaisa Nyberg
  • Rainer A. Rueppel
Article

Abstract

The new signature scheme presented by the authors in [13] is the first signature scheme based on the discrete logarithm problem that gives message recovery. The purpose of this paper is to show that the message recovery feature is independent of the choice of the signature equation and that all ElGamal-type schemes have variants giving message recovery. For each of the six basic ElGamal-type signature equations five variants are presented with different properties regarding message recovery, length of commitment and strong equivalence. Moreover, the six basic signature schemes have different properties regarding security and implementation. It turns out that the scheme proposed in [13] is the only inversionless scheme whereas the message recovery variant of the DSA requires computing of inverses in both generation and verification of signatures. In general, message recovery variants can be given for ElGamal-type signature schemes over any group with large cyclic subgroup as the multiplicative group of GF(2n) or elliptic curve over a finite field.

The present paper also shows how to integrate the DLP-based message recovery schemes with secret session key establishment and ElGamal encryption. In particular, it is shown that with DLP-based schemes the same functionality as with RSA can be obtained. However, the schemes are not as elegant as RSA in the sense that the signature (verification) function cannot at the same time be used as the decipherment (encipherment) function.

Keywords

Data Structure Information Theory Elliptic Curve Discrete Geometry Signature Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    G. B. Agnew, B. C. Mullin and S. A. Vanstone, Improved digital signature scheme based on discrete exponentation, Electronics Letters, Vol. 26, No. 14 (1990) pp. 1024–1025.Google Scholar
  2. 2.
    B. Arazi, Integrating a key distribution procedure into the digital signature standard, Electronics Letters, Vol. 29. NO. 1 1 (1993) pp. 966–967.Google Scholar
  3. 3.
    C. Boyd, Comment: New digital signature scheme based on discrete logarithm, Electronics Letters, Vol. 30, No. 6 (1994) p. 480.Google Scholar
  4. 4.
    W. Diffie and M. Hellman, New directions in cryptography, IEEE Trans. Inform. Theory, Vol. IT-22, No. 6 (1976) pp. 644–654.Google Scholar
  5. 5.
    T. ElGarnal, A public key cryptosystem and a signature scheme based on discrete logarithms, IEEE Trans. Inform. Theory, Vol. IT-31, No. 4 (1985) pp. 469472.Google Scholar
  6. 6.
    FIPS PUB XX, Digital Signature Standard (1993).Google Scholar
  7. 7.
    C. G. Giinther, Diffie-Hellman and ElGamal Protocols with One Single Authentication Key, Advances in Cryptology-Eurocrypt '89, Lecture Notes in Computer Science, Springer-Verlag, 434 (1990).Google Scholar
  8. 8.
    P. Horster and H. Petersen, Verallgemeinerte ElGamal-Signatuen, Proceedings der Fachtagung SIS '94 Verlag der Fachvereine, Ziirich (1994).Google Scholar
  9. 9.
    P. Horster, M. Michels and H. Petersen, Authenticated encryption schemes with low communication costs, Electronics Letters, Vol. 30, No. 15 (1994).Google Scholar
  10. 10.
    ISO/IEC 9796. Information technology-Security techniques-Digital signature scheme giving message recovery.Google Scholar
  11. 11.
    N. Koblitz, A course in number theory and cryptography, Graduate Texts in Mathematics, Springer-Verlag (1988).Google Scholar
  12. 12.
    V. Miller, Use of elliptic curves in cryptography, Advances in Cryptography-Proceedings of Crypto '85, Lecture Notes in Computer Science, Springer-Verlag, 218 (1986) pp. 417426.Google Scholar
  13. 13.
    K. Nyberg and R. A. Rueppel, A new signature scheme based on the DSA giving message recovery, 1st ACM Conference on Computer and Communications Security, Fairfax, Virginia (Nov. 3–51993).Google Scholar
  14. 14.
    K. Nyberg and R. A. Rueppel, Weaknesses in some recent key agreement protocols, Electronics Lerfers, Vol. 30, No. 1 (1994) pp. 26–27.Google Scholar
  15. 15.
    K. Nyberg, Comment: New digital signature scheme based on discrete logarithm, Electronics Lerfers, Vol. 30, No. 6 (1994) p. 481.Google Scholar
  16. 16.
    J.-M. Piveteau, New signature scheme with message recovery, Electronics Letters, Vol. 29, No. 25 (1993) p. 2185.Google Scholar
  17. 17.
    C. P. Schnon; Letter: Reply to the request of NIST for comments on the DSA (Oct. 30, 1991).Google Scholar
  18. 18.
    C. P. Schnon; Efficient Signature Generation by Smart Cards, J. Cryptology, Vol. 4 (1991) pp. 161–174.Google Scholar
  19. 19.
    S.-M. Yen and C.-S. Laih, New digital signature scheme based on discrete logarithm, Efectronics Letters, Vol. 29, No. 12 (1993) pp. 1120–1121.Google Scholar

Copyright information

© Kluwer Academic Publishers 1996

Authors and Affiliations

  • Kaisa Nyberg
    • 1
  • Rainer A. Rueppel
    • 2
  1. 1.Finnish Defence ForcesCommunications DivisionHelsinkiFinland
  2. 2.R3 Security Engineering AGAathalSwitzerland

Personalised recommendations