[Cryptography] A new digital signature scheme based on the RSA problem?

Jonathan Katz jkatz at cs.umd.edu
Mon Dec 16 15:26:44 EST 2013


On Mon, 16 Dec 2013, Sergio Lerner wrote:

> Hi!
> This is my first message to the group, and I hope it doesn't bore you.
>
> Playing with RSA digital signatures I realized that the same system can
> be used a bit differently and achieve the same security level (as far as
> I see). I haven't read about this method before and it's near impossible
> to google for a math formula. So this may be a very old broken digital
> signature method, or it may be a brand new shinny candidate. If you find
> any previous reference, let me know. The main idea is to use the hash of
> the message as the public exponent, and everything else derives
> naturally from that idea.
>
> *The RSAL Digital signature Scheme*

<snip>

Your scheme is similar to several schemes in the literature based on 
the so-called *strong RSA* assumption (as compared to the [regular] RSA 
assumption). See, for example:
   http://www.research.ibm.com/people/s/shaih/pubs/ghr99.ps.gz
   http://www.shoup.net/papers/sig.ps
(But make sure to also check google scholar for the followup work.)

Note further that there is no real reason to make your base 'v' depend on 
the message; you may as well have the signer fix it as part of their 
public key once and for all.


More information about the cryptography mailing list