In a digital signature scheme with message recovery, rather than transmitting the message m and its signature σ, a single enhanced signature τ is transmitted. The verifier is able to recover m from τ and at the same time verify its authenticity. The two most important parameters of such a scheme are its security and overhead |τ| − |m|. A simple argument shows that for any scheme with “n bits security” |τ| − |m| ≥ n, i.e., the overhead is lower bounded by the security parameter n. Currently, the best known constructions in the random oracle model are far from this lower bound requiring an overhead of n + logq h , where q h is the number of queries to the random oracle. In this paper we give a construction which basically matches the n bit lo...
A cryptographic scheme is \provably secure " if an attack onthescheme implies an attack on ...
International audienceKabastianskii, Krouk and Smeets proposed in 1997 a digital signature scheme ba...
We present a blind signature scheme that is efficient and provably secure without random oracles und...
In a digital signature scheme with message recovery, rather than transmitting the message $m$ and it...
In a digital signature scheme with message recovery, rather than transmitting the message m and its ...
. Digital signature schemes based on a general one-way function without trapdoor offer two potential...
Abstract. Security for digital signature schemes is most commonly an-alyzed in an ideal single user ...
We present a polynomial-time algorithm that provably recovers the signer's secret DSA key when a few...
Abstract. In this paper, we propose a new signature scheme that is existentially unforgeable under a...
We provide two contributions to exact security analysis of digital signatures: We put forward a new ...
International audienceWe propose statistical cryptanalysis of discrete-logarithm based authenticatio...
Every public-key encryption scheme has to incorporate a certain amount of randomness into its cipher...
Abstract We describe and analyze a new digital signature scheme. The new scheme is quite efficient, ...
Side-channel attacks allow the adversary to gain partial knowledge of the secret key when cryptograp...
International audienceIn this paper, we present three digital signature schemes with tight security ...
A cryptographic scheme is \provably secure " if an attack onthescheme implies an attack on ...
International audienceKabastianskii, Krouk and Smeets proposed in 1997 a digital signature scheme ba...
We present a blind signature scheme that is efficient and provably secure without random oracles und...
In a digital signature scheme with message recovery, rather than transmitting the message $m$ and it...
In a digital signature scheme with message recovery, rather than transmitting the message m and its ...
. Digital signature schemes based on a general one-way function without trapdoor offer two potential...
Abstract. Security for digital signature schemes is most commonly an-alyzed in an ideal single user ...
We present a polynomial-time algorithm that provably recovers the signer's secret DSA key when a few...
Abstract. In this paper, we propose a new signature scheme that is existentially unforgeable under a...
We provide two contributions to exact security analysis of digital signatures: We put forward a new ...
International audienceWe propose statistical cryptanalysis of discrete-logarithm based authenticatio...
Every public-key encryption scheme has to incorporate a certain amount of randomness into its cipher...
Abstract We describe and analyze a new digital signature scheme. The new scheme is quite efficient, ...
Side-channel attacks allow the adversary to gain partial knowledge of the secret key when cryptograp...
International audienceIn this paper, we present three digital signature schemes with tight security ...
A cryptographic scheme is \provably secure " if an attack onthescheme implies an attack on ...
International audienceKabastianskii, Krouk and Smeets proposed in 1997 a digital signature scheme ba...
We present a blind signature scheme that is efficient and provably secure without random oracles und...