Abstract

Classical RSA is vulnerable to low private exponent attacks (LPEA) and is homomorphic. KMOV, based on the elliptic curve $E_n(a,b)$ over $\mathbb{Z}_n$, can resist LPEA but is still homomorphic. QV over $E_n(a,b)$ not only resists LPEA but is also non-homomorphic. However, QV over $E_n(a,b)$ requires the existence of points whose order is $M_n = \operatorname{lcm}\{\#E_p(a,b), \#E_q(a,b)\}$. This requirement is impractical for general elliptic curves. Besides, computation over $E_n(a,b)$ is quite complicated. In this paper, we further study the conic curve $C_n(a,b)$ over $\mathbb{Z}_n$ and its corresponding properties, advance several key theorems and corollaries for designing digital signature schemes, and point out that $C_n(a,b)$ always has some points whose order is $M_n = \operatorname{lcm}\{\#E_p(a,b), \#E_q(a,b)\}$. We thereby present an improved QV signature over $C_n(a,b)$, which inherits the property of non-homomorphism and can resist the Wiener attack. Furthermore, under the same security requirements, the improved QV scheme is easier than that over $E_n(a,b)$ with respect to plaintext embedding, computation of inverse elements, computation of points, and calculation of points' orders. In particular, it is applicable to general conic curves, which is of great significance to the application of QV schemes.
