GMR (signature process)

GMR is a digital signature process that is named after its inventors Shafi Goldwasser , Silvio Micali and Ronald L. Rivest .

Like RSA , GMR is based on the factoring assumption that there are bijective functions that can be calculated quickly, but for which the calculation of the inverse function is very time-consuming.
In contrast to RSA, however, it can be proven for GMR that even in the case of an adaptive active attack it is not possible to forge even a new signature.

The procedure in detail

You need a collision-resistant pair of permutations with a secret with the domain of definition . The owner of the secret can calculate the inverse functions and easily. It's difficult for everyone else. ${\ displaystyle f_ {0} ^ {}, f_ {1} ^ {}}$ ${\ displaystyle D}$ ${\ displaystyle f_ {0} ^ {- 1}}$ ${\ displaystyle f_ {1} ^ {- 1}}$

In order to sign a single message, the sender must choose a reference at random and publish it authentically. In order to sign an n-bit message , it calculates the signature . The receiver can calculate the inverse function of this and compare the result with the reference. ${\ displaystyle D}$ ${\ displaystyle m_ {1}, m_ {2}, ..., m_ {n}}$ ${\ displaystyle f_ {m_ {1}} ^ {- 1} (f_ {m_ {2}} ^ {- 1} (.. f_ {m_ {n}} ^ {- 1} (R) ..)) }$

Obviously the problem is to publish a new reference for each message. This is done with reference trees.

Individual evidence

↑ Shafi Goldwasser, Silvio Micali and Ronald L. Rivest: A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks . ( psu.edu ).

[1] Shafi Goldwasser, Silvio Micali and Ronald L. Rivest: A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks . ( psu.edu ).