Two Remarks Concerning the Goldwasser-Micali-Rivest Signature Scheme
The GMR scheme can be made totally “memoryless’: That is, the signature generated by the signer on message M does not depend on the previous signed messages. (In the original scheme, the signature to a message depends on the number of messages signed before.
The GMR scheme can be implemented almost as efficiently as the RSA: The original implementation of the GMR scheme based on factoring, can be speeded-up by a factor of |N|. Thus, both signing and verifying take time O(|N|3log2|N|). (Here N is the moduli.)
- [D]Damgard, I.B., “Collision Free Hash Functions and Public Key Signature Schemes”, manuscript, 1986.Google Scholar
- [GGM]Goldreich, O., S. Goldwasser, and S. Micali, “How to Construct Random Functions”, Proc. of 25th Symp. on Foundation of Computer Science, 1984, pp. 464–479. To appear in Jour. of ACM.Google Scholar
- [GMR]Goldwasser, S., S. Micali, and R.L. Rivest, “A Paradoxical Solution to the Signature Problem”, Proc. of 25th Symp. on Foundation of Computer Science, 1984, pp. 441–448. A better version is available from the authors.Google Scholar