Can D.S.A. be improved? — Complexity trade-offs with the digital signature standard —

  • David Naccache
  • David M'Raïhi
  • Serge Vaudenay
  • Dan Raphaeli
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 950)


The Digital Signature Algorithm (DSA) was proposed in 1991 by the US National Institute of Standards and Technology to provide an appropriate core for applications requiring digital signatures. Undoubtedly, many applications will include this standard in the future and thus, the foreseen domination of DSA as a legal certification tool is sufficiently important to focus research endeavours on the suitability of this scheme to various situations.

In this paper, we present six new DSA-based protocols for:
  • Performing a quick batch-verification of n signatures. The proposed scheme saves ≈ 450n modular multiplications.

  • Avoiding the cumbersome calculation of 1 / k mod q by the signer.

  • Compressing sets of DSA transactions into shorter archive signatures.

  • Generating signatures from pre-calculated “Use & Throw” 224-bit signature-coupons.

  • Self-certifying the moduli and bit-patterning q directly on p (gain of 60.4% in key size).

All our schemes combine in a natural way full DSA compatibility and flexible trade-offs between computational complexity, transmission overheads and key sizes.


Keywords (added by machine, not by the authors): Signature Scheme; Modular Multiplication; Transmission Overhead; Verification Strategy; Digital Signature Algorithm



Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • David Naccache (1)
  • David M'Raïhi (1)
  • Serge Vaudenay (2)
  • Dan Raphaeli (3)

  1. Crypto Team, Gemplus Card International, Sarcelles Cedex, France
  2. Ecole Normale Superieure, G.R.E.C.C. - D.M.I., Paris Cedex 5, France
  3. Electrical Engineering, California Institute of Technology, Pasadena, USA
