# On the Fly Authentication and Signature Schemes Based on Groups of Unknown Order

@article{Girault2006OnTF, title={On the Fly Authentication and Signature Schemes Based on Groups of Unknown Order}, author={Marc Girault and Guillaume Poupard and Jacques Stern}, journal={Journal of Cryptology}, year={2006}, volume={19}, pages={463-487} }

In response to the current need for fast, secure and cheap public-key cryptography, we propose an interactive zero-knowledge identification scheme and a derived signature scheme that combine provable security based on the problem of computing discrete logarithms in any group, short keys, very short transmission and minimal on-line computation. This leads to both efficient and secure applications well suited to implementation on low cost smart cards. We introduce GPS, a Schnorr-like scheme that…

## 104 Citations

Code-based identification and signature schemes

- Computer Science, Mathematics
- 2013

This thesis proposes a novel zero-knowledge five-pass identification scheme which improves on Stern's scheme and puts forward a generic methodology for proving the security of signature schemes derived from this class of identification schemes.

Refining Identification Scheme based on Isomorphism of Polynomials with Two Secrets: a New Theoretical and Practical Analysis

- Computer Science, MathematicsAsiaPKC '16
- 2016

This paper presents the first formal security proof of identification scheme based on IP2S against impersonation under passive attack, sequential active attack, and concurrent active attack and proposes new secure parameters and methods to reduce the implementation cost.

Practical Key Recovery for Discrete-Logarithm Based Authentication Schemes from Random Nonce Bits

- Computer Science, MathematicsCHES
- 2015

Analysis of discrete-logarithm based authentication schemes such as Schnorr identification scheme or Girault-Poupard-Stern identification and signature schemes shows that the GPS scheme with 128-bit security can be broken using only 710 signatures assuming that the adversary knows (on average) one bit per nonce.

Tightly-Secure Signatures from Lossy Identification Schemes

- Computer Science, MathematicsEUROCRYPT
- 2012

A general transformation that converts, what the authors term lossy identification schemes, into signature schemes with tight security reductions is presented that greatly simplifies the task of constructing and proving the security of such signature schemes.

Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures

- Computer Science, MathematicsASIACRYPT
- 2009

This work demonstrates how the framework that is used for creating efficient number-theoretic ID and signature schemes can be transferred into the setting of lattices and is able to shorten the length of the signatures that are produced by Girault's factoring-based digital signature scheme.

Efficient one-pass entity authentication based on ECC for constrained devices

- Computer Science, Mathematics2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)
- 2010

The efficiency of the protocol is proven through a prototype implementation of a remote keyless entry system including a microcontroller and an FPGA-based, GF(2163) Elliptic Curve (EC) co-processor which features state-of-the-art measures against simple and differential power analysis and fault attacks.

Tightly Secure Signatures From Lossy Identification Schemes

- Computer Science, MathematicsJournal of Cryptology
- 2015

A general transformation is presented that converts what the authors term$$lossy $$lossy identification schemes into signature schemes with tight security reductions that greatly simplifies the task of constructing and proving the security of such signature schemes.

The design and analysis of symmetric cryptosystems

- Computer Science, Mathematics
- 2015

A general forgery attack against the related message authentication schemes is described, as well as providing a common description of all known attacks against such schemes, and greatly expanding the number of known weak keys.

A New 'On the Fly' Identification Scheme: An Asymptoticity Trade-Off between ZK and Correctness

- Computer ScienceIEICE Trans. Fundam. Electron. Commun. Comput. Sci.
- 2009

A concrete attack procedure is constructed which reveals one bit of secret key s from the specified value range of y unless BS/A is negligible, and it is confirmed that the reduce of A reduces approximately 4% of running time for online response using a certain implementation technique for GPS+.

Tightly-Secure Signatures from Five-Move Identification Protocols

- Computer Science, MathematicsASIACRYPT
- 2017

Surprisingly, the CDH-based scheme turns out to be (a slight simplification of) the Chevallier-Mames signature scheme (CRYPTO 05), thereby providing a theoretical explanation of its tight security proof via five-move identification protocols.

## References

SHOWING 1-10 OF 49 REFERENCES

Security Analysis of a Practical "on the fly" Authentication and Signature Generation

- Computer Science, MathematicsEUROCRYPT
- 1998

An interactive zero-knowledge identification scheme and a derived signature scheme that combine provable security based on the general problem of computing discrete logarithms modulo any number, short identity-based keys, very short transmission and minimal on-line computation are studied.

On the fly signatures based on factoring

- Computer ScienceCCS '99
- 1999

This work proposes a new on the fly signature scheme that requires very small on-line work for the signer and combines provable security based on the factorization problem, short public and secret keys, short transmission and minimal on- line computation.

An interactive identification scheme based on discrete logarithms and factoring

- Computer Science, MathematicsJournal of Cryptology
- 2004

A modification of an interactive identification scheme of Schnorr intended for use by smart cards is described, which will be witness hiding, which is a more rigid security condition than Schnorr proved for his scheme, if factoring a large integer with some side information is computationally infeasible.

Efficient signature generation by smart cards

- Computer Science, MathematicsJournal of Cryptology
- 2004

An efficient algorithm that preprocesses the exponentiation of a random residue modulo p is presented, which improves the ElGamal signature scheme in the speed of the procedures for the generation and the verification of signatures and also in the bit length of signatures.

Improved Online/Offline Signature Schemes

- Computer Science, MathematicsCRYPTO
- 2001

The recently introduced notion of a trapdoor hash function is used to develop a new paradigm called hash-sign-switch, which can convert any signature scheme into a highly efficient on-line/off-line signature scheme and enhances the security of the original signature scheme.

On the Length of Cryptographic Hash-Values Used in Identification Schemes

- Computer Science, MathematicsCRYPTO
- 1994

This paper shows that 64-bit hash-values, a length often suggested, definitely decrease the level of the security of all these schemes, and proves that collision-resistance is a sufficient condition to achieve the claimed level of security.

A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks

- Computer Science, MathematicsSIAM J. Comput.
- 1988

A digital signature scheme based on the computational difficulty of integer factorization possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice cannot later forge the signature of even a single additional message.

From Identification to Signatures via the Fiat-Shamir Transform: Minimizing Assumptions for Security and Forward-Security

- Computer Science, MathematicsEUROCRYPT
- 2002

It is shown that the signature scheme is secure against chosen-message attacks in the random oracle model if and only if the underlying identification scheme isSecure, and has its commitments drawn at random from a large space.

An Identity-based Identification Scheme Based on Discrete Logarithms Modulo a Composite Number

- Computer Science, MathematicsEUROCRYPT
- 1990

This work derives the first identity-based identification scheme based on discrete logarithm modulo a composite number, based on a problem known to be harder than factorization problem.

Self-Certified Public Keys

- Computer Science, MathematicsEUROCRYPT
- 1991

Self-certified public keys contribute to reduce the amount of storage and computations in public key schemes, while secret keys are still chosen by the user himself and remain unknown to the authority.