Authors: Eu-Jin Goh and Stanislaw Jarecki
We show a signature scheme whose security is
The signature scheme was previously proposed in the cryptographic literature on at least two occasions. However, no security analysis was done, probably because the scheme was viewed as a slight modification of Schnorr signatures. In particular, the scheme's tight security reduction to CDH has remained unnoticed until now. Interestingly, this discrete-log based signature scheme is similar to the trapdoor permutation based PSS signatures proposed by Bellare and Rogaway, and has a tight reduction for a similar reason.
In the proceedings of the International Association for Cryptologic Research (IACR) Eurocrypt 2003.
Published 5th May 2003. ps