Efficient signature schemes based on polynomial equations
Proceedings of CRYPTO 84 on Advances in cryptology
Identity-based cryptosystems and signature schemes
Proceedings of CRYPTO 84 on Advances in cryptology
How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology - CRYPTO '86
An efficient solution of the congruence x^2 + ky^2 = m (mod n)
IEEE Transactions on Information Theory
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
An efficient signature scheme based on quadratic equations
STOC '84 Proceedings of the sixteenth annual ACM symposium on Theory of computing
How to Break Shamir's Asymmetric Basis
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
This paper describes a family of new Ong-Schnorr-Shamir-Fiat-Shamir-like [1] identification and signature protocols designed to prevent forgers from using the Pollard-Schnorr attack [2].

Our first signature scheme (and its associated identification protocol) uses x, which is secret-free, as a commitment on which k will depend later. Therefore, the original quadratic equation is replaced by x^2 - k(x)y^2 ≡ m mod n, where k(x) is a non-polynomial function of x. Since the Pollard-Schnorr algorithm takes the value k as input (to output x and y), it becomes impossible to feed it a priori with k(x), which is output-dependent.

The second signature method takes advantage of the fact that although an attacker can generate valid OSS signatures (solutions {x,y} of x^2 - ky^2 ≡ m mod n), he has no control over the internal structure of x and y. In particular, if we restrict the solution space by adding extra conditions on x and y, it becomes very difficult to produce forged solutions that satisfy the new requirements.
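The base OSS equation that both schemes modify, as an added example that is not code from the paper: key generation, signing and verification with a fixed public k, using the sign convention x^2 - ky^2 ≡ m mod n from the abstract. The toy modulus, the message value and all function names are assumptions made for illustration; the k(x) variant and the extra conditions on x and y are not implemented because the abstract does not specify them.

```python
import math
import secrets

# Toy modulus built from two small primes (constructed for this example;
# a real modulus must be large enough that factoring it is infeasible).
N = 10007 * 10009

def _random_unit(n):
    """Return a random element of Z_n that is invertible mod n."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            return r

def keygen(n):
    """Secret u, public k = u^-2 mod n, so x^2 - k*y^2 = (x - y/u)(x + y/u)."""
    u = _random_unit(n)
    return u, pow(u, -2, n)

def sign(m, u, n):
    """Choose r, then set x - y/u = r and x + y/u = m/r and solve for x, y."""
    r = _random_unit(n)
    m_over_r = m * pow(r, -1, n) % n
    half = pow(2, -1, n)              # n is odd, so 2 is invertible
    x = (m_over_r + r) * half % n
    y = u * (m_over_r - r) * half % n
    return x, y

def verify(m, x, y, k, n):
    """Accept iff x^2 - k*y^2 ≡ m (mod n); k is the signer's fixed public key."""
    return (x * x - k * y * y - m) % n == 0

def demo():
    """Sign a constructed message, then check it and a different message."""
    u, k = keygen(N)
    m = 123456                        # message representative in Z_n (constructed)
    x, y = sign(m, u, N)
    return verify(m, x, y, k, N), verify(m + 1, x, y, k, N)

if __name__ == "__main__":
    print(demo())
```

Here k is a constant published before any x and y exist, which is exactly the input the abstract says the Pollard-Schnorr algorithm requires; the first scheme removes that property by making k a function of x.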