In a digital signature scheme with message recovery, rather than transmitting the message $m$ and its signature $\sigma$, a single enhanced signature $\tau$ is transmitted. The verifier is able to recover $m$ from $\tau$ and at the same time verify its authenticity. The two most important parameters of such a scheme are its security and overhead $|\tau|-|m|$. A simple argument shows that for any scheme with ``$n$ bits security $|\tau|-|m|\ge n$, i.e., the overhead is lower bounded by the security parameter $n$. Currently, the best known constructions in the random oracle model are far from this lower bound requiring an overhead of $n+\log q_h$, where $q_h$ is the number of queries to the random oracle. In this paper we give a construction...
We describe and analyze a new digital signature scheme. The new scheme is quite efficient, does not ...
International audienceWe propose statistical cryptanalysis of discrete-logarithm based authenticatio...
A cryptographic scheme is \provably secure " if an attack onthescheme implies an attack on ...
In a digital signature scheme with message recovery, rather than transmitting the message m and its ...
In a digital signature scheme with message recovery, rather than transmitting the message m and its ...
Abstract. Security for digital signature schemes is most commonly an-alyzed in an ideal single user ...
. Digital signature schemes based on a general one-way function without trapdoor offer two potential...
Abstract We describe and analyze a new digital signature scheme. The new scheme is quite efficient, ...
We present a polynomial-time algorithm that provably recovers the signer's secret DSA key when a few...
Abstract. In this paper, we propose a new signature scheme that is existentially unforgeable under a...
International audienceKabastianskii, Krouk and Smeets proposed in 1997 a digital signature scheme ba...
We provide two contributions to exact security analysis of digital signatures: We put forward a new ...
Side-channel attacks allow the adversary to gain partial knowledge of the secret key when cryptograp...
. In this paper, we present a simple method for generating random-based signatures when random numbe...
We present a blind signature scheme that is efficient and provably secure without random oracles und...
We describe and analyze a new digital signature scheme. The new scheme is quite efficient, does not ...
International audienceWe propose statistical cryptanalysis of discrete-logarithm based authenticatio...
A cryptographic scheme is \provably secure " if an attack onthescheme implies an attack on ...
In a digital signature scheme with message recovery, rather than transmitting the message m and its ...
In a digital signature scheme with message recovery, rather than transmitting the message m and its ...
Abstract. Security for digital signature schemes is most commonly an-alyzed in an ideal single user ...
. Digital signature schemes based on a general one-way function without trapdoor offer two potential...
Abstract We describe and analyze a new digital signature scheme. The new scheme is quite efficient, ...
We present a polynomial-time algorithm that provably recovers the signer's secret DSA key when a few...
Abstract. In this paper, we propose a new signature scheme that is existentially unforgeable under a...
International audienceKabastianskii, Krouk and Smeets proposed in 1997 a digital signature scheme ba...
We provide two contributions to exact security analysis of digital signatures: We put forward a new ...
Side-channel attacks allow the adversary to gain partial knowledge of the secret key when cryptograp...
. In this paper, we present a simple method for generating random-based signatures when random numbe...
We present a blind signature scheme that is efficient and provably secure without random oracles und...
We describe and analyze a new digital signature scheme. The new scheme is quite efficient, does not ...
International audienceWe propose statistical cryptanalysis of discrete-logarithm based authenticatio...
A cryptographic scheme is \provably secure " if an attack onthescheme implies an attack on ...