Modifications of ECDSA
We describe two variants of ECDSA one of which is secure, in the random oracle model, against existential forgery but suffers from the notion of duplicate signatures. The second variant is also secure against existential forgery but we argue that it is likely to possess only four natural duplicate signatures. Our variants of ECDSA are analogous to the variants of DSA as proposed by Brickell et al. However, we show that the ECDSA variants have better exact security properties.
KeywordsElliptic Curve Signature Scheme Random Oracle Discrete Logarithm Discrete Logarithm Problem
- 1.ANSI X9.62. Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), 1999.Google Scholar
- 3.D. Brown. Generic groups, collision resistance and ECDSA. Preprint, 2001.Google Scholar
- 4.S. Goldwasser, S. Micali and R. Rivest. A “paradoxical” solution to the signature problem. Proc. 25th Symposium on Foundations of Computer Science, 441–448, 1984.Google Scholar
- 6.A. Menezes and N.P. Smart. Security of signature schemes in a multi-user setting. Preprint 2001.Google Scholar
- 8.D. Pointcheval, J. Stern, J. Malone-Lee and N.P. Smart. Flaws in Security Proofs. To appear Advances in Cryptology-CRYPTO 2002.Google Scholar