Security Difference between DSA and Schnorr's Signature

  title={Security Difference between DSA and Schnorr's Signature},
  author={Zhengjun Cao and Olivier Markowitch},
  journal={2009 International Conference on Networks Security, Wireless Communications and Trusted Computing},
  • Zhengjun Cao, O. Markowitch
  • Published 25 April 2009
  • Computer Science
  • 2009 International Conference on Networks Security, Wireless Communications and Trusted Computing
We investigate the security difference between DSA and Schnorr's signature. The security of DSA can be reduced to the problem: to find $m\in \Omega, \rho, \theta\in \mathcal {Z}_q^*$ such that $\mathcal {H}(m) =\rho\left((g^{\rho}y)^{\theta}\,  \mbox{mod}\, p\right) \,\mbox{mod}\, q$,where $\Omega $ denotes the text space and the message$m$ is not restrained. Unlike DSA evaluates the hash function only at the message $m$, Schnorr's signature  adopts a self-feedback mode by evaluating the hash… Expand
Implementation and adaptation of the Pseudonymous PKI for Ubiquitous Computing for Car-2-Car Communication
It is argued that the PPKI fulfils the security challenges of Car-2-Car communication and has advantages over a classical PKI. Expand
Building the Pico from Low Cost Components
iii List of Figures and Tables iv


The Security of DSA and ECDSA Bypassing the Standard Elliptic Curve Certification Scheme
It is shown that one may be able to maliciously choose an elliptic curve for ECDSA despite the standard validation scheme, which demonstrates that some part of the standard is not well designed. Expand
Discrete-Log-Based Signatures May Not Be Equivalent to Discrete Log
We provide evidence that the unforgeability of several discrete-log based signatures like Schnorr signatures cannot be equivalent to the discrete log problem in the standard model. This contradictsExpand
Security Proofs for Signature Schemes
This paper establishes the generality of this technique against adaptively chosen message attacks and achieves such a security proof for a slight variant of the El Garrial signature schemc where committed values are hashed together with the message. Expand
Hidden Collisions on DSS
This work explains how to forge public parameters for the Digital Signature Standard with two known messages which always produce the same set of valid signatures, and presents a similar attack when using this generation algorithm within a complexity 274. Expand
Efficient signature generation by smart cards
  • C. Schnorr
  • Mathematics, Computer Science
  • Journal of Cryptology
  • 2004
An efficient algorithm that preprocesses the exponentiation of a random residue modulo p is presented, which improves the ElGamal signature scheme in the speed of the procedures for the generation and the verification of signatures and also in the bit length of signatures. Expand
Another Look at "Provable Security"
It is argued that the theorem-proof paradigm of theoretical mathematics is often of limited relevance here and frequently leads to papers that are confusing and misleading. Expand
Lower Bounds for Discrete Logarithms and Related Problems
  • V. Shoup
  • Mathematics, Computer Science
  • 1997
Lower bounds on the complexity of the discrete logarithm and related problems are proved that match the known upper bounds: any generic algorithm must perform Ω(p1/2) group operations, where p is the largest prime dividing the order of the group. Expand
A public key cryptosystem and a signature scheme based on discrete logarithms
A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on theExpand
Finding Collisions in the Full SHA-1
This is the first attack on the full 80-step SHA-1 with complexity less than the 280 theoretical bound, and it is shown that collisions ofSHA-1 can be found with complexityLess than 269 hash operations. Expand
Applied cryptography - protocols, algorithms, and source code in C, 2nd Edition
This document describes the construction of protocols and their use in the real world, as well as some examples of protocols used in the virtual world. Expand