Signature schemes based on the strong RSA assumption

Ronald Cramer, Victor Shoup
1999 Proceedings of the 6th ACM conference on Computer and communications security - CCS '99  
We describe and analyze a new digital signature scheme. The new scheme is quite efficient, does not require the the signer to maintain any state, and can be proven secure against adaptive chosen message attack under a reasonable intractability assumption, the so-called strong RSA assumption. Moreover, a hash function can be incorporated into the scheme in such a way that it is also secure in the random oracle model under the standard RSA assumption. * This is a revision of IBM Research Report RZ 3083 (December 1998).
doi:10.1145/319709.319716 dblp:conf/ccs/CramerS99 fatcat:w6zblgm6mbfgtfef6azt4moxta