1. No category

An improved signature scheme without using one

An improved signature
scheme without using oneway Hash functions
Source : Applied Mathematics and Computation
170(2005)905-908
Author : Jianhong Zhang and Yumin Wang
Speaker :Tai-Hong Chen
Date
:12/6
1
Outline
 Introduction
 Chang et al.’s Signature Scheme
 Cryptanalysis of Chang et al.’s Signature
Scheme
 Proposed scheme
 Security analysis
 Conclusion
2
Introduction
Using one-way hash functions and
message redundancy
Without using one-way hash functions
and message redundancy
Why use one-way hash functions and message redundancy?
To ensure the correctness of the recovered message and to resist
the forgery attacks.
Insecure
Use that
Improve
Insecure
Without
2000
Shieh et al.
Improve
2004.8
Chang et al.
2005.8
Zhang
2005.11
Zhang and Wang
3
Notations
p : a large prime number
g : a primitive element in GF ( p)
xi : private key, gcd( xi , ( p  1))  1
yi : public key, yi  g xi mod p
4
Chang et al.’s Signature Scheme
Alice
Bob
Compute
( s, r , t )
s  y mod p
M
i
r  M sg
k
mod p
1
i
s  t  x  (k  r )(mod( p  1))
k is a random number in [1, p  1]
M   yis t  r  g r  s 1 (mod p )
 g xi ( s t ) M  s  g  k  g r  s 1 (mod p )
 g k  r  M  g  k  r (mod p )
M
check
s  yiM  mod p
5
Cryptanalysis of Chang et al.’s
Signature Scheme
Alice
( s, r , t )
Bob
Bob forge another valid signature
( s, r , t )
(1). Bob chooses a random number  in [1, p  1]
and computes message m  M  y  mod p
(2). Bob sets s  y m mod p
(3). Bob sets r   r
(4). Bob sets t   s  t  M    s  m mod ( p  1)
6
Proposed scheme
Alice
Bob
Compute
s  (y  M )
r  M sg
M mod ( p 1)
k
mod p
mod p
s  t  xi1  (k  r  s )(mod( p  1))
( s, r , t )
M   y s t  r  g r  s  s 1
g
x ( s t )
M  s  g  k  g r  s  s 1
 g k  r  s  M  g  k  r  s (mod p )
M
k is a random number in [1, p  1]
check s  ( y  M ) M  mod ( p1) mod p
7
Security analysis
 To overcome the above forgery attack, we
make s  ( y  M ) M mod ( p1) mod p
If an adversary wants to forge the signer to produce a
valid signature of the message M 
s  ( y  M ) M  mod p
r   M   s  y  k mod p
t  ?
To pass
M   y st r   g rs  s1 mod p
s  ( y  M ) M  mod p
t must satisfy
M   y  s  r 1  g ( rs)  s  y t mod p
8
Conclusion
 Design a digital signature scheme without
using one-way has function.
9

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz