[148478] in cryptography@c2.net mail archive
Re: [Cryptography] A new digital signature scheme based on the RSA
daemon@ATHENA.MIT.EDU (Jonathan Katz)
Mon Dec 16 18:58:47 2013
X-Original-To: cryptography@metzdowd.com
Date: Mon, 16 Dec 2013 15:26:44 -0500 (EST)
From: Jonathan Katz <jkatz@cs.umd.edu>
To: Sergio Lerner <sergiolerner@pentatek.com>
In-Reply-To: <52AF50D5.1@pentatek.com>
Cc: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Mon, 16 Dec 2013, Sergio Lerner wrote:
> Hi!
> This is my first message to the group, and I hope it doesn't bore you.
>
> Playing with RSA digital signatures I realized that the same system can
> be used a bit differently and achieve the same security level (as far as
> I see). I haven't read about this method before and it's near impossible
> to google for a math formula. So this may be a very old broken digital
> signature method, or it may be a brand new shinny candidate. If you find
> any previous reference, let me know. The main idea is to use the hash of
> the message as the public exponent, and everything else derives
> naturally from that idea.
>
> *The RSAL Digital signature Scheme*
<snip>
Your scheme is similar to several schemes in the literature based on
the so-called *strong RSA* assumption (as compared to the [regular] RSA
assumption). See, for example:
http://www.research.ibm.com/people/s/shaih/pubs/ghr99.ps.gz
http://www.shoup.net/papers/sig.ps
(But make sure to also check google scholar for the followup work.)
Note further that there is no real reason to make your base 'v' depend on
the message; you may as well have the signer fix it as part of their
public key once and for all.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
