Skip to main content
Conference ProceedingsOPEN ACCESS

Discrete-log-based signatures may not be equivalent to discrete log

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2005) 3788 LNCS 1-20
DOI: 10.1007/11593447_1
109Citations
Citations of this article
63Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

We provide evidence that the unforgeability of several discrete-log based signatures like Schnorr signatures cannot be equivalent to the discrete log problem in the standard model. This contradicts in nature well-known proofs standing in weakened proof methodologies, in particular proofs employing various formulations of the Forking Lemma in the random oracle Model. Our impossibility proofs apply to many discrete-log-based signatures like ElGamal signatures and their extensions, DSA, ECDSA and KCDSA as well as standard generalizations of these, and even RSA-based signatures like GQ. We stress that our work sheds more light on the provable (in)security of popular signature schemes but does not explicitly lead to actual attacks on these. © International Association for Cryptologic Research 2005.

Cite

CITATION STYLE

APA

Paillier, P., & Vergnaud, D. (2005). Discrete-log-based signatures may not be equivalent to discrete log. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3788 LNCS, pp. 1–20). https://doi.org/10.1007/11593447_1

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free