{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,8]],"date-time":"2026-05-08T04:49:33Z","timestamp":1778215773139,"version":"3.51.4"},"publisher-location":"Berlin, Heidelberg","reference-count":31,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540140399","type":"print"},{"value":"9783540392002","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2003]]},"DOI":"10.1007\/3-540-39200-9_25","type":"book-chapter","created":{"date-parts":[[2007,8,16]],"date-time":"2007-08-16T03:35:32Z","timestamp":1187235332000},"page":"401-415","source":"Crossref","is-referenced-by-count":79,"title":["A Signature Scheme as Secure as the Diffie-Hellman Problem"],"prefix":"10.1007","author":[{"given":"Eu-Jin","family":"Goh","sequence":"first","affiliation":[]},{"given":"Stanis\u0142aw","family":"Jarecki","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2003,5,13]]},"reference":[{"key":"25_CR1","series-title":"Lect Notes Comput Sci","first-page":"200","volume-title":"Proceedings of Eurocrypt 1992","author":"E. Brickell","year":"1992","unstructured":"Ernest Brickell, Daniel Gordon, Kevin McCurley, and David Wilson. Fast exponentiation with precomputation. In R.A. Rueppel, editor, Proceedings of Eurocrypt 1992, volume 0658 of LNCS, pages 200\u2013207. Springer-Verlag, May 1992."},{"key":"25_CR2","series-title":"Lect Notes Comput Sci","doi-asserted-by":"crossref","first-page":"236","DOI":"10.1007\/BFb0054130","volume-title":"Proceedings of Eurocrypt 1998","author":"M. Bellare","year":"1998","unstructured":"Mihir Bellare, Juan Garay, and Tal Rabin. Fast batch verification for modular exponentiation and digital signatures. In K. Nyberg, editor, Proceedings of Eurocrypt 1998, volume 1403 of LNCS, pages 236\u2013250. Springer-Verlag, May 1998."},{"key":"25_CR3","series-title":"Lect Notes Comput Sci","doi-asserted-by":"crossref","first-page":"283","DOI":"10.1007\/3-540-68697-5_22","volume-title":"Proceedings of Crypto 1996","author":"D. Boneh","year":"1996","unstructured":"Dan Boneh and Richard Lipton. Algorithms for black-box fields and their application to cryptography. In Neal Koblitz, editor, Proceedings of Crypto 1996, volume 1109 of LNCS, pages 283\u2013297. Springer-Verlag, May 1996."},{"key":"25_CR4","series-title":"Lect Notes Comput Sci","doi-asserted-by":"publisher","first-page":"514","DOI":"10.1007\/3-540-45682-1_30","volume-title":"Proceedings of Asiacrypt 2001","author":"D. Boneh","year":"2001","unstructured":"Dan Boneh, Ben Lynn, and Hovav Shacham. Short signatures from the Weil pairing. In C. Boyd, editor, Proceedings of Asiacrypt 2001, volume 2248 of LNCS, pages 514\u2013532. Springer-Verlag, December 2001."},{"key":"25_CR5","series-title":"Lect Notes Comput Sci","doi-asserted-by":"crossref","first-page":"276","DOI":"10.1007\/978-3-540-46588-1_19","volume-title":"Proceedings of PKC 2000","author":"E. Brickell","year":"2000","unstructured":"Ernest Brickell, David Pointcheval, Serge Vaudenay, and Moti Yung. Design validations for discrete logarithm based signature schemes. In Hideki Imai and Yuliang Zheng, editors, Proceedings of PKC 2000, volume 1751 of LNCS, pages 276\u2013292. Springer-Verlag, January 2000."},{"key":"25_CR6","doi-asserted-by":"crossref","unstructured":"Mihir Bellare and Phillip Rogaway. Random oracles are practical: a paradigm for designing efficient protocols. In Proceedings of the 1st ACM conference on Computer and Communications Security, pages 62\u201373. ACM Press, 1993.","DOI":"10.1145\/168588.168596"},{"key":"25_CR7","series-title":"Lect Notes Comput Sci","doi-asserted-by":"crossref","first-page":"399","DOI":"10.1007\/3-540-68339-9_34","volume-title":"Proceedings of Eurocrypt 1996","author":"M. Bellare","year":"1996","unstructured":"Mihir Bellare and Phillip Rogaway. The exact security of digital signatures \u2014 How to sign with RSA and Rabin. In Ueli Maurer, editor, Proceedings of Eurocrypt 1996, volume 1070 of LNCS, pages 399\u2013416. Springer-Verlag, May 1996."},{"key":"25_CR8","series-title":"Lect Notes Comput Sci","first-page":"127","volume-title":"Proceedings of Eurocrypt 1987","author":"D. Chaum","year":"1987","unstructured":"David Chaum, Jan-Hendrik Evertse, and Jeroen van de Graaf. An improved protocol for demonstrating possession of discrete logarithms and some generalizations. In David Chaum and Wyn Price, editors, Proceedings of Eurocrypt 1987, volume 0304 of LNCS, pages 127\u2013142. Springer-Verlag, May 1987."},{"key":"25_CR9","doi-asserted-by":"crossref","unstructured":"Ran Canetti, Oded Goldreich, and Shai Halevi. The random oracle methodology, revisited. In Proceedings of the 30th annual ACM symposium on Theory of Computing, pages 209\u2013218. ACM Press, 1998.","DOI":"10.1145\/276698.276741"},{"key":"25_CR10","series-title":"Lect Notes Comput Sci","first-page":"89","volume-title":"Proceedings of Crypto 1992","author":"D. Chaum","year":"1992","unstructured":"David Chaum and Torben Pryds Pedersen. Wallet databases with observers. In Ernest Brickell, editor, Proceedings of Crypto 1992, volume 0740 of LNCS, pages 89\u2013105. Springer-Verlag, August 1992."},{"key":"25_CR11","unstructured":"Jan Camenisch and Markus Stadler. Proof systems for general statements about discrete logarithms. Technical Report 260, Institute for Theoretical Computer Science, ETH Zurich, March 1997."},{"issue":"3","key":"25_CR12","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1145\/357830.357847","volume":"3","author":"R. Cramer","year":"2000","unstructured":"Ronald Cramer and Victor Shoup. Signature schemes based on the strong RSA assumption. ACM Transactions on Information and System Security, 3(3):161\u2013185, 2000.","journal-title":"ACM Transactions on Information and System Security"},{"issue":"6","key":"25_CR13","doi-asserted-by":"publisher","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","volume":"22","author":"W. Diffie","year":"1976","unstructured":"Whitfield Diffie and Martin Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644\u2013654, November 1976.","journal-title":"IEEE Transactions on Information Theory"},{"issue":"4","key":"25_CR14","doi-asserted-by":"publisher","first-page":"469","DOI":"10.1109\/TIT.1985.1057074","volume":"31","author":"T. ElGamal","year":"1985","unstructured":"Taher ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31(4):469\u2013472, July 1985.","journal-title":"IEEE Transactions on Information Theory"},{"key":"25_CR15","series-title":"Lect Notes Comput Sci","first-page":"186","volume-title":"Proceedings of Crypto 1986","author":"A. Fiat","year":"1986","unstructured":"Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Andrew Odlyzko, editor, Proceedings of Crypto 1986, volume 0263 of LNCS, pages 186\u2013194. Springer-Verlag, August 1986."},{"key":"25_CR16","series-title":"Lect Notes Comput Sci","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1007\/3-540-48910-X_9","volume-title":"Proceedings of Eurocrypt 1999","author":"R. Gennaro","year":"1999","unstructured":"Rosario Gennaro, Shai Halevi, and Tal Rabin. Secure hash-and-sign signatures without the random oracle. In Jacques Stern, editor, Proceedings of Eurocrypt 1999, volume 1592 of LNCS, pages 123\u2013139. Springer-Verlag, May 1999."},{"issue":"2","key":"25_CR17","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1137\/0217017","volume":"17","author":"S. Goldwasser","year":"1988","unstructured":"Shafi Goldwasser, Silvio Micali, and Ronald Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2):281\u2013308, 1988.","journal-title":"SIAM Journal on Computing"},{"key":"25_CR18","doi-asserted-by":"crossref","unstructured":"Markus Jakobsson and Claus-Peter Schnorr. Efficient oblivious proofs of correct exponentiation. In Bart Preneel, editor, Proceedings of the IFIP Conference on Communications and Multimedia Security 1999, volume 152, pages 71\u201386. Kluwer, September 1999.","DOI":"10.1007\/978-0-387-35568-9_5"},{"issue":"4","key":"25_CR19","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1007\/s00145-001-0009-4","volume":"14","author":"A. Lenstra","year":"2001","unstructured":"Arjen Lenstra and Eric Verheul. Selecting cryptographic key sizes. Journal of Cryptology, 14(4):255\u2013293, 2001.","journal-title":"Journal of Cryptology"},{"issue":"1","key":"25_CR20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s00145-001-0005-8","volume":"15","author":"S. Micali","year":"2002","unstructured":"Silvio Micali and Leonid Reyzin. Improving the exact security of digital signature schemes. Journal of Cryptology, 15(1):1\u201318, 2002.","journal-title":"Journal of Cryptology"},{"issue":"5","key":"25_CR21","doi-asserted-by":"publisher","first-page":"1689","DOI":"10.1137\/S0097539796302749","volume":"28","author":"U. Maurer","year":"1999","unstructured":"Ueli Maurer and Stefan Wolf. The relationship between breaking the Diffie-Hellman protocol and computing discrete logarithms. SIAM Journal on Computing, 28(5):1689\u20131721, 1999.","journal-title":"SIAM Journal on Computing"},{"key":"25_CR22","unstructured":"NIST. Digital Signature Standard (DSS). Publication 196, Federal Information Processing Standards, November 1994."},{"key":"25_CR23","doi-asserted-by":"crossref","unstructured":"Moni Naor and Moti Yung. Universal one-way hash functions and their cryptographic applications. In Proceedings of the 21st annual ACM symposium on Theory of Computing, pages 33\u201343. ACM Press, 1989.","DOI":"10.1145\/73007.73011"},{"key":"25_CR24","series-title":"Lect Notes Comput Sci","doi-asserted-by":"crossref","first-page":"354","DOI":"10.1007\/BFb0055741","volume-title":"Proceedings of Crypto 1998","author":"K. Ohta","year":"1998","unstructured":"Kazuo Ohta and Tatsuaki Okamoto. On concrete security treatment of signatures derived from identification. In Hugo Krawczyk, editor, Proceedings of Crypto 1998, volume 1462 of LNCS, pages 354\u2013369. Springer-Verlag, August 1998."},{"key":"25_CR25","series-title":"Lect Notes Comput Sci","doi-asserted-by":"crossref","first-page":"104","DOI":"10.1007\/3-540-44586-2_8","volume-title":"Proceedings of PKC 2001","author":"T. Okamoto","year":"2001","unstructured":"Tatsuaki Okamoto and David Pointcheval. The Gap-Problems: A new class of problems for the security of cryptographic schemes. In Kwangjo Kim, editor, Proceedings of PKC 2001, volume 1992 of LNCS, pages 104\u2013118. Springer-Verlag, February 2001."},{"key":"25_CR26","series-title":"Lect Notes Comput Sci","doi-asserted-by":"crossref","first-page":"387","DOI":"10.1007\/3-540-68339-9_33","volume-title":"Proceedings of Eurocrypt 1996","author":"D. Pointcheval","year":"1996","unstructured":"David Pointcheval and Jacques Stern. Security proofs for signature schemes. In Ueli Maurer, editor, Proceedings of Eurocrypt 1996, volume 1070 of LNCS, pages 387\u2013398. Springer-Verlag, May 1996."},{"key":"25_CR27","doi-asserted-by":"crossref","unstructured":"J. Rompel. One-way functions are necessary and sufficient for secure signatures. In Proceedings of the 22nd annual ACM symposium on Theory of Computing, pages 387\u2013394. ACM Press, 1990.","DOI":"10.1145\/100216.100269"},{"key":"25_CR28","series-title":"Lect Notes Comput Sci","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/0-387-34805-0_22","volume-title":"Proceedings of Crypto 1989","author":"C.-P. Schnorr","year":"1989","unstructured":"Claus-Peter Schnorr. Efficient identification and signatures for smart cards. In G. Brassard, editor, Proceedings of Crypto 1989, volume 0435 of LNCS, pages 239\u2013252. Springer-Verlag, August 1989."},{"key":"25_CR29","series-title":"Lect Notes Comput Sci","first-page":"1","volume-title":"Proceedings of Eurocrypt 1998","author":"V. Shoup","year":"1998","unstructured":"Victor Shoup and Rosario Gennaro. Securing threshold cryptosystems against chosen ciphertext attack. In Kaisa Nyberg, editor, Proceedings of Eurocrypt 1998, volume 1403 of LNCS, pages 1\u201316. Springer-Verlag, May 1998."},{"key":"25_CR30","series-title":"Lect Notes Comput Sci","doi-asserted-by":"crossref","first-page":"256","DOI":"10.1007\/3-540-69053-0_18","volume-title":"Proceedings of Eurocrypt 1997","author":"V. Shoup","year":"1997","unstructured":"Victor Shoup. Lower bounds for discrete logarithms and related problems. In Walter Fumy, editor, Proceedings of Eurocrypt 1997, volume 1233 of LNCS, pages 256\u2013266. Springer-Verlag, May 1997."},{"key":"25_CR31","series-title":"Lect Notes Comput Sci","doi-asserted-by":"crossref","first-page":"355","DOI":"10.1007\/3-540-44647-8_21","volume-title":"Proceedings of Crypto 2001","author":"A. Shamir","year":"2001","unstructured":"Adi Shamir and Yael Tauman. Improved online\/offline signature schemes. In Joe Killian, editor, Proceedings of Crypto 2001, volume 2139 of LNCS, pages 355\u2013367. Springer-Verlag, August 2001."}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2014 EUROCRYPT 2003"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/3-540-39200-9_25","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,2]],"date-time":"2019-05-02T00:09:28Z","timestamp":1556755768000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/3-540-39200-9_25"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2003]]},"ISBN":["9783540140399","9783540392002"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/3-540-39200-9_25","relation":{},"ISSN":["0302-9743"],"issn-type":[{"value":"0302-9743","type":"print"}],"subject":[],"published":{"date-parts":[[2003]]}}}