Abstract
A signature scheme is existentially unforgeable if, given any polynomial (in the security parameter) number of pairs (m 1 , S(m 1 )), (m 2 , S(m 2 )), . . ., (m k , S(m k )), where S(m) denotes the signature on the message m , it is computationally infeasible to generate a pair (m k+1 , S(m k+1 )) for any message m k+1 $ \notin $ {m 1 , . . ., m k } . We present an existentially unforgeable signature scheme that for a reasonable setting of parameters requires at most six times the amount of time needed to generate a signature using ``plain'' RSA (which is not existentially unforgeable). We point out applications where our scheme is desirable.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
