A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
A public key cryptosystem and a signature scheme based on discrete logarithms
Proceedings of CRYPTO 84 on Advances in cryptology
A public key cryptosystem based on the word problem
Proceedings of CRYPTO 84 on Advances in cryptology
Efficient signature schemes based on polynomial equations
Proceedings of CRYPTO 84 on Advances in cryptology
Non-linear, non-commutative functions for data integrity
Proc. of the EUROCRYPT 84 workshop on Advances in cryptology: theory and application of cryptographic techniques
Status report on factoring (at the Sandia National Labs)
Proc. of the EUROCRYPT 84 workshop on Advances in cryptology: theory and application of cryptographic techniques
Discrete logarithms in finite fields and their cryptographic significance
Proc. of the EUROCRYPT 84 workshop on Advances in cryptology: theory and application of cryptographic techniques
The subliminal channel and digital signatures
Proc. of the EUROCRYPT 84 workshop on Advances in cryptology: theory and application of cryptographic techniques
Zero-knowledge proofs of identity and veracity of transaction receipts
Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Can O.S.S. be repaired?: proposal for a new practical signature scheme
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Signature Schemes Based on 3rd Order Shift Registers
ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Weakness in Quaternion Signatures
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
An Attack on a Signature Scheme Proposed by Okamoto and Shiraishi
CRYPTO '85 Advances in Cryptology
A Secure Subliminal Channel (?)
CRYPTO '85 Advances in Cryptology
Breaking the Ong-Schnorr-Shamir Signature Scheme for Quadratic Number Fields
CRYPTO '85 Advances in Cryptology
Pricing via Processing or Combatting Junk Mail
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Attacks on the Birational Permutation Signature Schemes
CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
How to Break Shamir's Asymmetric Basis
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
A Twin Algorithm for Efficient Generation of Digital Signatures
INDOCRYPT '01 Proceedings of the Second International Conference on Cryptology in India: Progress in Cryptology
Spreading alerts quietly and the subgroup escape problem
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
PQCrypto'11 Proceedings of the 4th international conference on Post-Quantum Cryptography
Practical key-recovery for all possible parameters of SFLASH
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Hi-index | 0.00 |
Electronic messages, documents and checks must be authenticated by digital signatures which are not forgeable even by their recipients. The RSA system can generate and verify such signatures, but each message requires hundreds of high precision modular multiplications which can be implemented efficiently only on special purpose hardware. In this paper we propose a new signature scheme which can be easily implemented in software on microprocessors: signature generation requires one modular multiplication and one modular division, signature verification requires three modular multiplications, and the key size is comparable to that of the RSA system. The new scheme is based on the quadratic equation m &equil; s21 + ks22 (mod n), where m is the message, s1 and s2 are the signature, and k and n are the publicly known key. While we cannot prove that the security of the scheme is equivalent to factoring, all the known methods for solving this quadratic equation for arbitrary k require the extraction of square roots modulo n or the solution of similar problems which are at least as hard as factoring. A novel property of the new scheme is that legitimate users can choose k in such a way that they can sign messages even without knowing the factorization of n, and thus everyone can use the same modulus if no one knows its factorization.