A new signature scheme based on the DSA giving message recovery
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
On the Security of RSA Padding
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
A Signature Scheme with Message Recovery as Secure as Discrete Logarithm
ASIACRYPT '99 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Security proofs for signature schemes
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Lower bounds for discrete logarithms and related problems
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Formal Security Proofs for a Signature Scheme with Partial Message Recovery
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Short Signatures from the Weil Pairing
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Short Signatures in the Random Oracle Model
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A provably secure short signature scheme based on discrete logarithms
Information Sciences: an International Journal
IMBAS: Identity-based multi-user broadcast authentication in wireless sensor networks
Computer Communications
Efficient Batch Verification of Short Signatures for a Single-Signer Setting without Random Oracles
IWSEC '08 Proceedings of the 3rd International Workshop on Security: Advances in Information and Computer Security
Review: Wireless sensor network key management survey and taxonomy
Journal of Network and Computer Applications
CAT: building couples to early detect node compromise attack in wireless sensor networks
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Efficient short signcryption scheme with public verifiability
Inscrypt'06 Proceedings of the Second SKLOIS conference on Information Security and Cryptology
A new signature scheme without random oracles from bilinear pairings
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
Short signature scheme based on discrete logarithms
WAIM'05 Proceedings of the 6th international conference on Advances in Web-Age Information Management
Identity-based partial message recovery signatures (or how to shorten ID-Based signatures)
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
A generic scheme based on trapdoor one-way permutations with signatures as short as possible
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Optimal asymmetric encryption and signature paddings
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Pairing-Based cryptography at high security levels
IMA'05 Proceedings of the 10th international conference on Cryptography and Coding
Algebraic curves and cryptography
Finite Fields and Their Applications
| Hi-index | 0.00 |
We investigate the problem of signing short messages using a scheme that minimizes the total length of the original message and the appended signature. This line of research was motivated by several postal scrviccs intcrcstcd by stamping machines capablc of producing digital signatures. Although several message recovery schemes exist, their security is questionable. This paper proposes variants of DSA and ECDSA allowing partial recovery: the signature is appended to a truncated message and the discarded bytes are recovered by the verification algorithm. Still, the signature authenticates the whole message. Our scheme has some form of provable security, based on the random oracle model. Using further optimizations we can lower the scheme's overhead to 26 bytes for a 2-80 security level, compared to forty bytes for DSA or ECDSA and 128 bytes 1024-bit RSA.