How to Repair ESIGN
The ESIGN signature scheme was provided with an inadequate proof of security. We propose two techniques to repair the scheme, which we name ESIGN-D and ESIGN-R. Another improvement of ESIGN is encouraged, where the public key is hashed together with the message. This allows to have a security proof in the multi key setting. Additionally, the lower security of ESIGN compared to RSA-PSS leads to suggest that a common public key is used for ESIGN and RSA-PSS, leaving to the signer the choice between fast signature or better security.
Unable to display preview. Download preview PDF.
- 1.M. Bellare and P. Rogaway. The exact security of digital signatures: how to sign with RSA and Rabin. Proc. Eurocrypt’96, LNCS 1070, pages 399–416, May 1996. Revised version available at http://www-cse.ucsd.edu/users/mihir/crypto-research-papers.html.Google Scholar
- 3.Y. Dodis and L. Reyzin. On the Power of Claw-Free Permutations. Proc. SCN’02 (this book), 2002.Google Scholar
- 4.E. Fujisaki, T. Kobayashi, H. Morita, H. Oguro, T. Okamoto, S. Okazaki. ESIGN: Efficient Digital Signature (Submission to NESSIE) Available at http://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/esign.zip.
- 5.J. Stern, D. Pointcheval, J. Malone-Lee and N. P. Smart. Flaws in Applying Proof Methodologies to Signature Schemes. Proc. Crypto’02, LNCS 2442, Aug. 2002.Google Scholar