Formal Security Proofs for a Signature Scheme with Partial Message Recovery

  • Daniel R. L. Brown
  • Don B. Johnson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2020)


The Pintsov-Vanstone signature scheme with partial message recovery (PVSSR) is a signature scheme with low message expansion (overhead) and variable length recoverable and non-recoverable message parts. The scheme uses three cryptographic primitives: a symmetric cipher, hash function and an elliptic curve group. We give three security proofs for PVSSR in this paper. Each proof makes a concrete and necessary assumption about one primitive, and models the other two primitives by idealizations. Thus, PVSSR with a strong cipher may offer greater security than other common variants of ElGamal signatures.


Hash Function Signature Scheme Random Oracle Discrete Logarithm Problem Security Proof 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    M. Abe and T. Okamoto, “A signature scheme with message recovery as secure as discrete logarithm”, Asiacrypt’99, LNCS 1716 (1999) 378–389.Google Scholar
  2. [2]
    W. Aiello, et al., “Security amplification by composition: the case of doublyiterated, ideal ciphers”, Crypto’98, LNCS 1462 (1998) 390–407.Google Scholar
  3. [3]
    M. Bellare, et al., “A concrete security treatment of symmetric encryption: Analysis of the DES modes of operation”, Proc. 38th FOCS, 1997, 394–403.Google Scholar
  4. [4]
    M. Bellare and P. Rogaway, “Random oracles are practical: a paradigm for designing efficient protocols”, 1st ACM Conference on Computer and Communications Security, (1993) 62–73.Google Scholar
  5. [5]
    M. Bellare and P. Rogaway, “The exact security of digital signatures-how to sign with RSA and Rabin”, Eurocrypt’96, LNCS 1070 (1996) 399–416.Google Scholar
  6. [6]
    M. Bellare and P. Rogaway, “Collision-resistant hashing: towards making UO-WHFs practical”, Crypto’97, LNCS 1294 (1997) 470–484.Google Scholar
  7. [7]
    R. Canetti, O. Goldreich and S. Halevi, “The random oracle methodology, revisited (preliminary version)”, Proc. 30th STOC, 1998, 209–218.Google Scholar
  8. [8]
    “Postage Indicia Standard” for Canada Post, Draft Version 1.2, 1999.Google Scholar
  9. [9]
    R. Cramer and V. Shoup, “A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack”, Crypto’98, LNCS 1462 (1998) 13–25.Google Scholar
  10. [10]
    M. Jakobsson and C. P. Schnorr, “Security of discrete log cryptosystems in the random oracle + generic model”, presented at the Conference on The Mathematics of Public-Key Cryptography, The Fields Institute, Toronto, Canada, (1999).Google Scholar
  11. [11]
    D. Naccache and J. Stern, “Signing on a postcard”, Proceedings of the Fourth Annual Conference on Financial Cryptography 2000, to appear.Google Scholar
  12. [12]
    M. Naor and M. Yung, “Universal one-way hash functions and their cryptographic applications”, Proc. 21st STOC, ACM (1989), 33–43.Google Scholar
  13. [13]
    K. Nyberg and R. Rueppel, “Message recovery for signature schemes based on the discrete logarithm problem”, Designs, Codes and Cryptography, 7 (1996), 61–81.zbMATHGoogle Scholar
  14. [14]
    L. Pintsov and S. Vanstone, “Postal revenue collection in the digital age”, Proceedings of the Fourth Annual Conference on Financial Cryptography 2000, to appear.Google Scholar
  15. [15]
    D. Pointcheval and J. Stern, “Security proofs for signature schemes”, Eurocrypt’96, LNCS 1070 (1996) 387–398.Google Scholar
  16. [16]
    V. Shoup, “Lower bounds for discrete logarithms and related problems”, Eurocrypt’97, LNCS 1233 (1997) 256–266.Google Scholar
  17. [17]
    USPS Information Based Indicia Program (IBIP): Performance Criteria for Information Based Indicia and Security Architecture for IBI Postage Metering Systems (PCIBISAIPMS), draft, 1998.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Daniel R. L. Brown
    • 1
  • Don B. Johnson
    • 1
  1. 1.Certicom ResearchCanada

Personalised recommendations