Discrete-Log-Based Signatures May Not Be Equivalent to Discrete Log

14 years 5 months ago

Download www.math.unicaen.fr

Abstract We provide evidence that the unforgeability of several discrete-log based signatures like Schnorr signatures cannot be equivalent to the discrete log problem in the standard model. This contradicts in nature well-known proofs standing in weakened proof methodologies, in particular proofs employing various formulations of the Forking Lemma in the random oracle Model. Our impossibility proofs apply to many discrete-log-based signatures like ElGamal signatures and their extensions, DSA, ECDSA and KCDSA as well as standard generalizations of these, and even RSA-based signatures like GQ. We stress that our work sheds more light on the provable (in)security of popular signature schemes but does not explicitly lead to actual attacks on these.

Pascal Paillier, Damien Vergnaud

Real-time Traffic

ASIACRYPT 2005 | Cryptology | Discrete-log Based Signatures | Nature Well-known Proofs | Signature |

claim paper

Post Info
More Details (n/a)

Added	26 Jun 2010
Updated	26 Jun 2010
Type	Conference
Year	2005
Where	ASIACRYPT
Authors	Pascal Paillier, Damien Vergnaud

Comments (0)

Sciweavers

Discrete-Log-Based Signatures May Not Be Equivalent to Discrete Log

ASIACRYPT 2005 | Cryptology | Discrete-log Based Signatures | Nature Well-known Proofs | Signature |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers