Abstract
The signature schemes described in the previous chapter have the advantage of being based on very weak cryptographic assumptions, but have the drawback of being incredibly inefficient. (Even the Lamport scheme, which could conceivably be used, has very large public keys and signatures.) It is natural to wonder whether relying on stronger, more specific assumptions might yield more efficient schemes. Unfortunately, progress in this direction has been limited: only a handful of schemes are known that are more efficient than the “generic” constructions of the previous chapter and, of these, even fewer are efficient enough to compete with the signature schemes currently used in practice.1 In fact, and somewhat disappointingly, the only schemes we currently have that come close to the efficiency of signature schemes currently in use are based on relatively “new” cryptographic assumptions discussed in this and the following chapter. (Admittedly, this point is debatable and depends to some extent on what one takes as his measure of efficiency.)
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2010 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Katz, J. (2010). Signature Schemes Based on the (Strong) RSA Assumption. In: Digital Signatures. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-27712-7_4
Download citation
DOI: https://doi.org/10.1007/978-0-387-27712-7_4
Published:
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-27711-0
Online ISBN: 978-0-387-27712-7
eBook Packages: Computer ScienceComputer Science (R0)