CryptoDB
Optimal security proofs for PSS and other signature schemes
Authors: | |
---|---|
Download: | |
Abstract: | The Probabilistic Signature Scheme (PSS) designed by Bellare and Rogaway is a signature scheme provably secure against chosen message attacks in the random oracle model, with a security level equivalent to RSA. In this paper, we derive a new security proof for PSS in which a much shorter random salt is used to achieve the same security level, namely we show that $\log_2 q_{sig}$ bits suffice, where $q_{sig}$ is the number of signature queries made by the attacker. When PSS is used with message recovery, a better bandwidth is obtained because longer messages can now be recovered. Moreover, we show that this size is optimal: if less than $\log_2 q_{sig}$ bits of random salt are used, PSS is still provably secure but no security proof can be tight. This result is based on a new technique which shows that other signature schemes such as the Full Domain Hash scheme and Gennaro-Halevi-Rabin's scheme have optimal security proofs. |
BibTeX
@misc{eprint-2001-11474, title={Optimal security proofs for PSS and other signature schemes}, booktitle={IACR Eprint archive}, keywords={public-key cryptography / Probabilistic Signature Scheme, provable security, random oracle model.}, url={http://eprint.iacr.org/2001/062}, note={ coron@clipper.ens.fr 11540 received 6 Aug 2001}, author={Jean-Sébastien Coron}, year=2001 }