Title: "An analysis of DSA and ECDSA without generic groups"
Speaker: Manuel Fersch, Technical University of Bochum
Arguably, the digital signature schemes most widely deployed in practice are the Digital Signature Algorithm (DSA) and its variant ECDSA defined over Elliptic Curves. This is in sharp contrast to the absence of a rigorous security analysis. Previous considerations either consider modified versions of (EC)DSA or provide a security analysis of unmodified ECDSA in the generic group model. The latter result has been criticized due to the fact that it actually proves strong unforgeability, a security property that ECDSA does not possess. There is no known security analysis that applies to DSA.
In our paper we propose GenericDSA, a signature framework which subsumes both DSA and ECDSA in unmodified form. It carefully models the “modulo q” conversion function of (EC)DSA as a composition of three independent functions. The two outer functions mimic algebraic properties in the function’s domain and range, the inner one is modeled as a random bijection. We prove several results about the unforgeability of GenericDSA implying that forging signatures in DSA and ECDSA is as hard as solving discrete logarithms, making only reasonable assumptions to the hash function. Our results do not involve any generic group assumption.