Abstract
This paper describes a family of new Ong-Schnorr-Shamir-Fiat-Shamir-like [1] identification and signature protocols designed to prevent forgers from using the Pollard-Schnorr attack [2].
Our first signature scheme (and its associated identification protocol) uses x, which is secret-free, as a commitment on which k will depend later. Therefore, the original quadratic equation is replaced by $x^2 - k(x)\,y^2 \equiv m \pmod{n}$, where k(x) is a non-polynomial function of x. Since the Pollard-Schnorr algorithm takes the value k as input (to output x and y), it becomes impossible to feed it a priori with k(x), which is output-dependent.
The second signature method takes advantage of the fact that although an attacker can generate valid OSS signatures (solutions {x, y} of $x^2 - k\,y^2 \equiv m \pmod{n}$), he has no control over the internal structure of x and y. In particular, if we restrict the solution space by adding extra conditions on x and y, it becomes very difficult to produce forged solutions that satisfy the new requirements.
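To make the equation both repairs start from concrete, here is an added example (not code from the paper) of the baseline OSS signing and verification relation from [1], which the abstract references but does not spell out. It assumes the classic OSS key relation k = u^-2 mod n (so that the page's x^2 - k y^2 = m form holds) and uses a constructed toy modulus; the verification step shows why solving the congruence alone, as Pollard-Schnorr [2] does, suffices to forge.

```python
import secrets
from math import gcd
from typing import Optional, Tuple

# Toy modulus, constructed for illustration only; a real n would be far larger.
P, Q = 1000003, 1000033
N = P * Q


def keygen(n: int, u: Optional[int] = None) -> Tuple[int, int]:
    """Return (k, u): public k = u^-2 mod n, secret u coprime to n.

    Classic OSS key relation (assumed from [1]); the sign of k is chosen
    so that the page's form x^2 - k*y^2 = m (mod n) is the check.
    """
    while u is None or gcd(u, n) != 1:
        u = secrets.randbelow(n - 2) + 2
    k = pow(pow(u, -1, n), 2, n)
    return k, u


def sign(m: int, u: int, n: int, r: Optional[int] = None) -> Tuple[int, int]:
    """Produce (x, y) with x^2 - k*y^2 = m (mod n) using the secret u.

    r is a random value coprime to n; it may be supplied for deterministic tests.
    Identity used: ((m/r + r)/2)^2 - ((m/r - r)/2)^2 = m.
    """
    while r is None or gcd(r, n) != 1:
        r = secrets.randbelow(n - 2) + 2
    inv2 = pow(2, -1, n)
    m_over_r = m * pow(r, -1, n) % n
    x = (m_over_r + r) * inv2 % n
    y = u * (m_over_r - r) * inv2 % n  # the u factor cancels k = u^-2 in the check
    return x, y


def verify(m: int, x: int, y: int, k: int, n: int) -> bool:
    """OSS verification: the only check is the quadratic congruence itself.

    Anyone who can solve it for (x, y) given public k and m, which is exactly
    what the Pollard-Schnorr algorithm does, forges without knowing u. The
    page's two repairs either tie k to x or add structural conditions on x, y.
    """
    return (x * x - k * y * y - m) % n == 0
```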
References
[1] H. Ong, C. Schnorr & A. Shamir, "An efficient signature scheme based on quadratic equations", Proceedings of the 16th Symposium on the Theory of Computing, Washington, 1984, pp. 208–216.
[2] J. Pollard & C. Schnorr, "An efficient solution of the congruence x^2 + ky^2 = m (mod n)", IEEE Transactions on Information Theory, vol. IT-33, no. 5, September 1987, pp. 702–709.
[3] L. Adleman, D. Estes & K. McCurley, "Solving bivariate quadratic congruences in random polynomial time", Mathematics of Computation, vol. 48, no. 177, January 1987, pp. 17–28.
[4] A. Shamir, "Identity-Based Cryptosystems and Signature Schemes", Proceedings of Crypto '84, Lecture Notes in Computer Science, no. 196, Springer-Verlag, 1985.
[5] A. Fiat & A. Shamir, "How to Prove Yourself: Practical Solutions to Identification and Signature Problems", Proceedings of Crypto '86, Lecture Notes in Computer Science, no. 263, Springer-Verlag, 1986.
[6] H. Ong, C. Schnorr & A. Shamir, "Efficient Signature Schemes Based on Polynomial Equations", Proceedings of Crypto '84, Lecture Notes in Computer Science, no. 196, Springer-Verlag, 1985.
[7] R. Rivest, A. Shamir & L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", Comm. ACM, vol. 21, no. 2, February 1978, pp. 120–126.
[8] D. Naccache, "Unless Modified Fiat-Shamir is Insecure", Proceedings of the Third Symposium on State and Progress of Research in Cryptography: SPRC '93, Fondazione Ugo Bordoni, 1993, pp. 172–180.
[9] D. Naccache & D. M'Raihi, "A strictly DSS-compatible scheme without 1/k mod q", to appear.
Copyright information
© 1994 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Naccache, D. (1994). Can O.S.S. be Repaired? - Proposal for a New Practical Signature Scheme -. In: Helleseth, T. (eds) Advances in Cryptology — EUROCRYPT ’93. EUROCRYPT 1993. Lecture Notes in Computer Science, vol 765. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48285-7_19
DOI: https://doi.org/10.1007/3-540-48285-7_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-57600-6
Online ISBN: 978-3-540-48285-7
eBook Packages: Springer Book Archive