^{1}

^{2}

^{1}

^{2}

The past years have seen many attempts to construct digital signature schemes based on a single hard problem, like factoring or discrete logarithm. But in the near future, those systems will no longer be secure if the solution of factoring or discrete logarithms problems is discovered. In this paper, we propose a new signature scheme based on two hard number theoretic problems, factoring and discrete logarithms. The major advantage of our scheme is that it is very unlikely that factoring and discrete logarithms can be efficiently solved simultaneously, and; therefore, the security of our scheme is longer or higher than that of any scheme based on a single hard number theoretic problem. We also show that the performance of the scheme requires only minimal operation both in signing and verifying logarithms and is resistant to attack.

A digital signature scheme is used to authenticate the contents of a digital message, and a valid digital signature tells that the message was generated by a legal/known sender and was not altered during the transmission. Digital signatures are commonly applicable for software distribution, internet-based transactions, forgery detection or tampering. Most digital signature schemes have the common feature that they are based on a single cryptographic assumption [

The major motivation for this research is that such schemes are more secure than the schemes based on a single hard problem. However, many such schemes have been shown to be insecure [

In the following, Section

The main purpose of proposing a signature scheme based on two hard problems is to enhance the security of the scheme. The difficulty of simultaneously solving two hard problems is harder than solving a single hard problem. The proposed scheme remains secure even if one can find a solution to one of the underlying problems.

The proposed signature scheme involves the one-to-one interactions between a signer and a verifier to execute the system initialization phase, the key generation phase, the signature generation phase, and the signature verification phase, described as follows.

The system initialization phase proceeds with the following commonly required parameters over the defined multiplicative groups. A one-way hash function is applied in the scheme with standard cryptographic characteristics, and to prevent the chosen message attack as defined by ElGamal [

a cryptographic hash function

a large prime

an integer

an integer

In this phase, we do the following steps.

Pick randomly an integer

Calculate the secret number

Select at random an integer

Compute the public number

The public and secret keys of the signature scheme are now, respectively, given by the pairs of

To create a signature for the message

Solve

Compute

Calculate

Then the original signer publishes

The verifier confirms the validity of the signature

Compute

Check the equality

If the equality in (2) holds, then validates the signature otherwise rejects it.

Following the applied protocol, then the verification in the Signature Verification Phase is correct.

The equation in (2) in Signature Verification Phase is true for valid signatures since

Now we will show some possible attacks by which an adversary (Adv) may try to take down the proposed signature scheme. We define each attack and provide an analysis of why each attack would fail.

Adv wishes to obtain all secret keys using all information that is available from the system. In this case, Adv needs to solve FAC and DL problems, which is clearly infeasible.

Adv tries to forge

Adv may also try collecting

Let us assume that Adv is able to solve the DL problem meaning that, Adv knows the secret integer

Let us assume that Adv is able to solve the FAC problem, that is, he or she knows the prime factorization of modulus

The performance of our scheme is described in terms of number of keys, computational complexity, and communication costs. We use the following notations (Table

Definition of given notations.

Notations | Definition |
---|---|

Time complexity for executing the modular multiplication | |

Time complexity for executing the modular exponentiation | |

Time complexity for executing the modular square | |

Time complexity for executing the modular inverse computation | |

Time complexity for performing hash function |

We ignore the negligible time performing for modular addition. The performance of our proposed signature scheme is summarized as follows: The number of secret keys (SK) and public keys (PK) of the scheme are respectively given by SK = 2 and PK = 2. The computational complexity for the key generation and signing generation and verification is given by the following Table

Time complexity in unit of

Items | Time complexity | Complexity in |
---|---|---|

Key generation | ||

Signature generation | ||

Signature verification |

Finally, the communication costs or size of parameters of the scheme (both signature generation and verification) is

In this paper, we have proposed a new signature scheme based on two hard problems; factoring and discrete logarithms. The scheme offers a longer/higher level of security than that of scheme based on a single hard problem. Furthermore, the proposed scheme requires only

The first author acknowledges the financial support received from the Malaysian Fundamental Research Grant Scheme (FRGS) UKM-ST-07-FRGS0008-2009 and also an anonymous reviewer for their valuable comments.