Summary: A Provably Secure Nyberg-Rueppel Signature Variant with
Giuseppe Ateniese (firstname.lastname@example.org)
Breno de Medeiros (email@example.com)
This paper analyzes the modified Nyberg-Rueppel signature scheme (mNR), proving it secure
in the Generic Group Model (GM). We also show that the security of the mNR signature is
equivalent (in the standard model) to that of a twin signature , while achieving computational
and bandwidth improvements.
As a provably secure signature scheme, mNR is very efficient. We demonstrate its practical
relevance by providing an application to the construction of a provably secure, self-certified,
identity-based scheme (SCID). SCID schemes combine some of the best features of both PKI-
based schemes (functionally trusted authorities, public keys revocable without the need to
change identifier strings) and ID-based ones (lower bandwidth requirements). The new SCID
scheme matches the performance achieved by the most efficient ones based on the discrete log-
arithm, while requiring only standard security assumptions in the Generic Group Model.
Keywords: Generic Group Model, signature schemes, Nyberg-Rueppel variants, self-certified
Several constructions of digital signatures based on arbitrary one-way functions are known [33, 40].