
Showing papers on "Merkle signature scheme published in 1984"


Proceedings ArticleDOI
01 Dec 1984
TL;DR: A novel property of the new signature scheme is that legitimate users can choose k in such a way that they can sign messages even without knowing the factorization of n, and thus everyone can use the same modulus if no one knows its factorization.
Abstract: Electronic messages, documents and checks must be authenticated by digital signatures which are not forgeable even by their recipients. The RSA system can generate and verify such signatures, but each message requires hundreds of high precision modular multiplications which can be implemented efficiently only on special purpose hardware. In this paper we propose a new signature scheme which can be easily implemented in software on microprocessors: signature generation requires one modular multiplication and one modular division, signature verification requires three modular multiplications, and the key size is comparable to that of the RSA system. The new scheme is based on the quadratic equation $m = s_1^2 + k s_2^2 \pmod{n}$, where $m$ is the message, $s_1$ and $s_2$ are the signature, and $k$ and $n$ are the publicly known key. While we cannot prove that the security of the scheme is equivalent to factoring, all the known methods for solving this quadratic equation for arbitrary $k$ require the extraction of square roots modulo $n$ or the solution of similar problems which are at least as hard as factoring. A novel property of the new scheme is that legitimate users can choose $k$ in such a way that they can sign messages even without knowing the factorization of $n$, and thus everyone can use the same modulus if no one knows its factorization.

94 citations


Book ChapterDOI
TL;DR: In this article, a probabilistic factorization algorithm in GL(2,p) is proposed to calculate a fast and short signature associated with a plaintext inscribed on an erasable support.
Abstract: Another title could have been "A probabilistic factorization algorithm in GL(2,p)". However, the problem is to calculate a fast and short signature associated with a plaintext inscribed on an erasable support. The signature should be written down in a book accompanying the record in order that it could be checked anytime that the latter has not been changed. J. BOSSET [1] suggests such a scheme together with an algorithm for computing a signature. The 64 characters needed for the plaintext are identified with a subset of GL(2,p), p=997. The signature is the product of the matrices corresponding to the plaintext characters taken in the order where they appear. Such a scheme could be broken if it is possible to factorize an element of GL(2,p) into $t = 16r$ factors, each one in a subset $U_i$ of GL(2,p) of size 64, $i = 1, \dots, t$. We here assume one hypothesis only on uniform probability distributions of random variables defined on product sets $V_j = U_{jr+1} \times \dots \times U_{(j+1)r}$, $j = 0, \dots, 15$. In consideration on which, a probabilistic factorization algorithm in GL(2,p) is introduced.

17 citations


Journal ArticleDOI
TL;DR: It is shown that certain natural perturbation techniques (including the addition of random prefixes or suffixes to the message) do not fully protect Rabin's signature scheme against a new type of chosen cleartext attack.

13 citations