2018 5th International Conference on Electrical and Electronics Engineering
An Advanced Hybrid Technique for Digital Signature Scheme
Hassan M. Elkamchouchi1
Electronics and Communications Dept.
Alexandria University
Alexandria, Egypt
e-mail: helkamchouchi@ hotmail.com
Mahmoud A. Shawky3
Electronics and Communications Dept.
M.Sc. Student, Alexandria, Egypt
e-mail: mahmoudshawky201539@gmail.com
Abstract—Sharing information and data over unsecured
channel is liable for stealing and attacking, as a result
cryptography becomes one of the most indispensable issues
that provides data authentication. In this paper, a new
technique of digital signature scheme has been proposed which
combines elliptic curve cryptosystem (ECC) with Ong, Schnorr
and Shamir signature scheme (OSS). A self-invertible 4×4 key
matrix will be used as apart from OSS signature equations
which will increase the overall security and efficiency against
cryptanalytic attack. Elaborated results in terms of
implementation and security analysis are declared and
approved its strength. The proposed technique can be used as
a secure alternative protocol if known systems are broken.
Keywords-digital signature scheme; discrete logarithm
problem; elliptic curve cryptosystem; OSS signature scheme;
public key cryptography
I. INTRODUCTION
Nowadays, public key cryptosystems have an essential
role in data authentication and privacy. It is a significant
tools that is widely used to obtain a secured communication
system. It can be noticed that a lot of practical algorithms for
digital signature have been introduced since the invention of
the public key cryptography in the late 1970’s. In 1985,
Koblitz and Miller introduced the elliptic curve cryptosystem
[1, 2]. They approved that there exist groups more complex
than the traditional multiplicative group ((Z/pZ)∗ , . ) where
Z is the set of all integers and p is a prime number.
These structures have a great practical effect on public key
cryptography. In the same year, a new digital signature
protocol has been represented by ElGamal which based on
the discrete logarithm problem. Since then, many similar
schemes were elaborated and published [3].
In the other side, classical signature schemes are facing
attacks more and more sophisticated. Strong protocols
previously designed, prepared and tested, would be useful,
if these classical schemes are completely broken [4].
This paper presents a new digital signature protocol
which combines elliptic curve cryptosystem with OSS
signature scheme.
978-1-5386-6392-9/18/$31.00 ©2018 IEEE
Ali E. Takieldeen2
Electronics and Communications Dept.
Delta University
El Mansoura, Egypt
e-mail: a_takieldeen@yahoo.com
An invertible 4×4 key matrix will be used as apart from
OSS signature equations which will increase the overall
diffusion-confusion of bytes thereby increasing the
complexity. For validation of this work a new scheme has
been analyzed and approved its strength.
The residual of this paper is sequenced as follow:
section 2 covers the elliptic curve cryptosystem. The OSS
digital signature is represented in section 3, while, section 4
provides the proposed Digital signature scheme.
Implementation example will be represented in section 5.
Security attacks of the proposed technique are declared
in section 6. Timing performance analysis will be covered
in section 7. Finally the paper is concluded in section 8.
II. ELLIPTIC CURVE CRYPTOSYSTEM
Elliptic Curve Cryptography is an efficient encryption
algorithm [2] which specifies with its capability to provide
high security with fewer computations processes, smaller
key length with lower power consumption and less memory
usage, as a result it has a lot of applications such as
embedded systems, portable devices and mobile devices [3].
A. Definition
The elliptic curve over Z (p > 3) is a set of all pairs
(x, y) ∈ Z which fulfill [4, 5]:
E: y ≡ x + a. x + b (mod p) (1)
where
a, b ∈ Z
and 4. a + 27. b ≠ 0 (mod p) (2)
The elliptic curve group E(Z ) consists of all points
(x, y) that satisfy the elliptic curve E and the point
at the infinity O.
B. Elliptic Curve Operations
This section subscribes the basic operations of elliptic
curve functions. Scalar multiplication is the main basic group
operation on ECC which depends on point addition and point
doubling [5, 6].
375
1) Point Addition & Doubling Step 2: selecting a random number u, where (0 < u < n),
Assume that P = (x , y ) & Q = (x , y ) , where P, Q by computing u (mod n) (7)
are two points lying on the elliptic curve E [7, 8]. k = −u (mod n) (8)
where {k, n} are the public key and u is the secret key.
1. Case 1: P ≠ Q , computing R = P + Q, by drawing
a line through P and Q, then the mirror point of the B. Signature Generation
third interception along the x-axis gives us the addition Given a document m, where (0 < m < n) [8].
of these two points as illustrated in Figure 1(a). Step 1: selecting a random number r, where (0 < r < n).
2. Case 2: P = Q , computing R = P + Q = 2Q, by Step 2: computing x ≡ (r + mr ). 2 (mod n) (9)
drawing tangent line through Q, then the mirror point y ≡ (r − mr ). 2 . u (mod n) (10)
of the second intersection along the x-axis gives the The pair (x, y) forms the signature.
double point of Q as shown in Figure 1(b).
R = (x , y ) C. Signature Verification
where x =λ −x −x (mod p) (3) Given {x, y}, then the verifier had to test whether
y = λ(x − x ) − y (mod p) (4) x + ky = m (mod n) (11)
Proof of Correctness:
and λ= (mod p) if P ≠ Q (5) x + ky ≡ (r + mr ). 2
+ (−u ). (r − mr ). 2 . u
λ= (mod p) if P = Q (6) ≡ 2 [(r + m r + 2m)
− (u . u )(r + m r − 2m)]
≡ 2 (2m + 2m) ≡ m (mod n)
IV. THE PROPOSED DIGITAL SIGNATURE SCHEME
The new digital signature scheme will be introduced
in this section. This modification increases the security and
makes the system more efficient than the original OSS
digital signature, also it will speed up the signature
generation since it doesn’t need to get the key matrix inverse.
The elliptic curve digital signature algorithm (ECDSA)
Figure 1. (a) Point addition [7]. (b) Point doubling [7]. based on ElGamal classical protocol. The verifier (User A)
had to share the domain parameters {a, b, G, p} with the
2) Scalar Multiplication signer (User B), where {a, b} are the elliptic function's
The scalar multiplication of an integer N by the point coefficients and G is the generator point. In our proposed
P = (x , y ) which lies on the curve E can be specified by algorithm, the parameter p = n = next prime number [P×Q],
repeating the addition of the point P to itself N times. which is a large prime number, then each user from {A, B}
The resulted point R will also lies on the curve E [4, 9]: needs to get his private key {n , n } which is a random
R = NP = P + P + ⋯ + P (N times) integer from the interval [1, p-1], then the verifier generates
his public key.
III. THE OSS DIGITAL SIGNATURE P = n .G (12)
Seeking for fast and secure signature scheme is very The signer had to generate the initial key K = (x, y), by
essential, if such scheme is found, it will be used in a lot of multiplying its private key by the public key of the verifier.
important applications within a short time [5]. Ong, Schnorr K = n . P = n . n . G = (x, y) (13)
and Shamir (OSS) designed an efficient signature scheme By computing
based on quadratic equation. The OSS digital signature is K = x. G = (K , K ) (14)
specified with its fast in generation and verification, only two K = y. G = (K , K ) (15)
modular multiplications and one inversion are required for The secret key matrix (r) had to be generated by the user
signature generation, while three modular multiplications (B) and the inverse of this matrix doesn’t always exist, as a
are required for verification. result if the key matrix is not invertible, the digital signature
The strength of this scheme is based on the difficulty of will not able to be computed. To solve this problem, a self-
solving equations in the form of x + ky ≡ m (mod n) , invertible key matrix will be generated (r = r ), then the
where n=PQ is an RSA moduli, m is the plaintext and k is inverse key matrix doesn’t need to be calculated. So, the
the public key. Ong, Schnorr and Shamir proposed that the signer had to produce a 4×4 self-invertible key matrix (r) by
problem of solving this equation is difficult [10]. using the following technique [3, 5]:
K K K K
A. The Public and Private Keys
K K K K
Step 1: selecting n = PQ as in RSA (unlike RSA, everybody r= K K K K
can use the same n, as long as nobody knows K K K K
the factorization).

376
 The self-invertible matrix will be sectioned as 4. Assume that K =
8 19
, then the self-invertible
K K 23 24
r= . The proposed technique considers that 8 19 22 10
K K
K K 23 24 6 6 .
K = , then the values of the other sections can key matrix will be r =
K K 9 19 21 10
be calculated by solving K = I − K , K = I + K 23 25 6 5
and K + K = 0, where I is the identity matrix. 5. Using Euler's Phi Function, then
Then the signer must generate the signature by Φ(PQ) = Φ(25) = 20
calculating the following equations: By selecting u as a random integer number so that
x ≡ (r + mr ). 2 (mod n) (16) the GCD u, Φ(PQ) = 1 , by calculating the private
y ≡ (r − mr ). 2 . u (mod n) (17) key
where (m) is the message to be signed and (r) is the self- u (mod Φ(n)) = 11 (mod 20) = 11.
invertible key matrix (r = r ), so that the GCD(r, n) = 1. 6. Considering the message to be signed m=22, then
The signature {x, y} must be sent back to the verifier, the generated signature will be as follow:
then the verifier had to test whether
x ≡ (r + mr ). 2 (mod n).
x + ky ≡ m (mod n) (18)
8 19 22 10 2 12 20 17
In the next section, an implementation example of our
23 24 6 6 + 13 6 16 16
proposed digital signature will be represented. ≡
9 19 21 10 24 12 27 17
.2 (mod29)
23 25 6 5 13 28 16 23
V. IMPLEMENTATION EXAMPLE 5 1 21 28
Assume that the user (A) wants to verify the signature x≡ 18 15 11 11 .
from user (B) and they agreed to use the elliptic curve 2 1 24 28
function: 18 12 11 14
E: y ≡ x + x + 3 (mod 29)
where a=1, b=3, P = Q = 5, then n = p = next prime number y ≡ (r − mr ). 2 . u (mod n)
[5×5] =29, which satisfies the condition: 8 19 22 10 2 12 20 17
4a + 27b = (4. 1 ) + (27. 3 ) = 247 (mod 29) ≠ 0 ≡ 23 24 6 6 − 13 6 16 16 . 2 . 11 (mod29)
9 19 21 10 24 12 27 17
The order of the elliptic curve E (1, 3) is 34 as shown 23 25 6 5 13 28 16 23
in Table 1, any point from this table can be chosen as the 24 28 8 1
base point G. The domain parameters of E are 18 18 .
{a,b,p,G}={1,3,29,(2,5)}. y ≡ 11 14
27 28 5 1
11 17 18 15
TABLE I. THE DOUBLING POINTS OF EC FUNCTION E (1, 3). The public key k = −u (mod n) = −11 (mod 29) = −5.
(2, 5) (9, 12) (19, 7) (4, 5) (23, 24) 7. The signer must transmit the signature {x, y} and the
(11, 20) (22, 10) (25, 11) (3, 25) (18, 23) public keys {K, n} to the verifier.
(8, 10) (6, 11) (16, 3) (27, 11) (24, 28)
(28, 10) (5, 0) (28, 19) (24, 1) (27, 18) B. Signature Verification
(16, 26) (6, 18) (8, 19) (18, 6) (3, 4) The verifier had to verify the signature by computing:
(25, 18) (22, 19) (11, 9) (23, 5) (4, 24) x + ky ≡ m (mod n)
(19, 22) (9, 17) (2, 24)
5 1 21 28 24 28 8 1
A. Key Generation 18 15 11 11 + 11 14 18 18 . −5 (mod 29)
2 1 24 28 27 28 5 1
Step 1, the verifier had to generate its public key which
18 12 11 14 11 17 18 15
will be sent to the signer to generate the key as follow: 22 0 0 0
1. Choose the private key n = 9 ∈ [1,28]. 0 22 0 0 ≡ m. I, Where I is the identity matrix.
≡
2. Calculate the public key 0 0 22 0
P = n . G = 9(2, 5) = (3, 25). 0 0 0 22

Step 2, the signer had to compute the key which will be
used to generate the self-invertible key matrix as follow:
1. Choose the private key n = 7 ∈ [1,28].
2. Calculate the initial key
K = n . P = (x, y) = 7(3, 25) = (23, 5).
3. Compute
K = x. G = 23(2, 5) = (K , K ) = (8, 19).
K = y. G = 5(2, 5) = (K , K ) = (23, 24).
VI. SECURITY ANALYSIS
In this section, some eventual attack will be discussed
which will represent the strength of our protocol. Assume
that a third party wants to get the signature.
Attack 1: Suppose that a third party tries to forge the
signature by fixing x to any value and looking for the second
parameter y, then finding y requires computing
a square root which is equivalent to factoring n. Similarly,
by fixing y and finding x is equivalent to factoring n. Ong,
Schnorr, and Shamir proposed that the problem of solving
this equation is difficult.

377
 Proof: Let (A) be an algorithm that recovers the secret The strength of our proposed scheme supposes that if
key given the public keys and possibly signature on random a third party knows the message m, the domain parameters of
documents. E which is {a, b, p, G} and the public keys {P , k}, even that
The following steps show the design of a factoring it will be very difficult to compute the self-invertible key
Algorithm (B) based on Algorithm (A) [10]: matrix r, as it will be confronted to the elliptic curves
1. Given n = PQ, where {P, Q} are unknown. discrete logarithm problem.
2. Select a random u, and compute u (mod Φ(n)).
The proposed approach key matrix depends on
3. Signatures on a random documents are required a combination between the integer factorization and the
for algorithm (A) to work, then a random documents discrete logarithm problem, which is very hard to solve these
had to be signed using u as the secret key. types of problems.
4. Calling algorithm (A) with {k, n} as the public keys
and the signatures. VII. TIMING PERFORMANCE ANALYSIS
5. The algorithm (A) generates u such that Timing performance analysis is one of the most
−u ≡ k (mod Φ(n)) (19) important parameters which represents the capability of the
6. With a probability of u ≠ ±u (mod Φ(n)). In these new scheme. The times for our proposed digital signatures
cases, the GCD(u ± u, Φ(n)) > 1, are the two prime generation algorithm were computed and the execution speed
has been measured on a system with AMD A10-5745M
factors of n.
APU with Radeon (tm), HD graphics 2.10 GHz, installed
7. From the previous step, if u ≠ ± (mod Φ(n)) , memory (RAM) is 4.00 GB, system type is Windows 8.1 Pro
then we had to select another u and try again. (64-bit operating system) and the executive program is
8. After t iterations, the probability of finding the Wolfram Mathematica 10.0.
factorization is 1 − 2 .
Attack 2: In 1984, Pollard and Schnorr represented an TABLE II. THE EXECUTION SPEED USING DIFFERENT KEY LENGTHS
efficient solution to congruence [11] x + ky ≡ m(mod n). (BITS)
This solution approved that the difficulty of finding the Signature Generation
secret key is not necessary to ensure that the scheme is Ours ECDSA RSA
secure. This algorithm has been designed to forge signature Key Time Key Time Key Time
Length (Secs) Length (Secs) Length (Secs)
without knowing the secret key u (mod n). 128 0.140625 163 0.15 1024 0.01
1. This algorithm depends on the equality 256 0.171875 233 0.34 2240 0.15
512 0.18547 409 1.18 7680 1.53
(x + ky )(x + ky ) = X + kY (20) 1024 0.2518 571 3.07 15360 9.20
where It can be noticed from the resulted data in Table II that
X = x x ± ky y (21) the small key sizes are beneficial in environments where
Y=x y ∓y x (22) resources such as storage space are limited. In another
It can be noticed from equation (20) that it consists of study [12], the times required for signature generation were
two equations in the form of x + ky ≡ m (mod n). computed with comparable key sizes for ECDSA and RSA.
It can be noticed from Table II that the execution speed of
2. It is possible to replace the roles of {k, m} in the our modification is very fast and our proposed scheme is
equation by the following change of variables: suitable for a lot of practical applications.
x = (mod n) (24)
VIII. CONCLUSION
y = (mod n) (25)
In this paper, a new digital signature scheme has been
By dividing the equation x + ky ≡ m (mod n) represented and approved its strength against various types
by y , the resulted equations will be of attacks. The strength of our proposed algorithm depends
on a combination between the integer factorization and
+k≡ (mod n) (26) the discrete logarithm problem, which is very hard to solve
these types of problems. The experimental results in terms of
x + k ≡ my (mod n) (27) implementation and security analysis have been successfully
done. This method can be seen as a practical alternative
x − my ≡ −k (mod n) (28) system if known protocols are completely broken.
3. Pollard observed that it’s possible to exchange m by a
smaller m in the order of O(√k), such that the solution REFERENCES
for the equation using m provides the solution for the [1] N. Koblitz, “Elliptic curve cryptosystem,” Mathematics of Comp. 48,
original equation using m. pp. 203-209, 1987.
[2] V. Miller, “Uses of elliptic curves in cryptography,” Proceedings
of Crypto'85, Lecture Notes in Computer Science, vol. 218,
pp. 417-426, 1985.

378
[3] Lo’ai Tawalbeh, Moad Mowafi and Walid Aljoby, “Use of Elliptic
Curve Cryptography for Multimedia Encryption,” IET Information
Security, vol. 7, no 2, pp. 67–74, 2012.
[4] Ziad E. Dawahdeh, Shahrul N. Yaakob and Rozmie Razif bin
Othman, “A new image encryption technique combining Elliptic
Curve Cryptosystem with Hill Cipher,” Journal of King Saud
University, Computer and Information Sciences, Available:
http://dx.doi.org/10. 1016/j.jksuci.2017.06.004, 29 June 2017.
[5] Ounasser Abid, Jaouad Ettanfouhi and Omar Khadir, “New Digital
Signature Protocol Based on Elliptic Curve,” International Journal
on Cryptography and Information Security (IJCIS), vol.2, no.4,
pp. 13-19, 12 Jan. 2013.
[6] Darrel Hankerson, Alfred Menezes and Scott Vanstone, “Guide
to elliptic curve cryptography,” Springer-Verlag Professional
Computing Series, pp. 11-12, 2004.
[7] Christof Paar, “Elliptic Curve Cryptosystem,” Applied Cryptography
and Data Security, pp. 126-127, Jan. 2005.
379
[8] Lawrence C. Washington, “Elliptic Curves Number Theory
and Cryptography,”Taylor & Francis Group, Second Edition, 2008.
[9] Laiphrakpam Dolendro Singh and Khumanthem Manglem Singh,
“Implementation of Text Encryption using Elliptic Curve
Cryptography,” Eleventh International Multi-Conference on
Information Processing, vol. 54, pp. 73-82, 2015.
[10] Ong, Schnorr and Shamir, “An Efficient Signature Scheme Based on
Quadratic Equations,” proceedings of the 16’th symposium on theory
of computing, pp. 208–216, 1984.
[11] Pollard and Schnorr, “An efficient solution to the congruence
quadratic equation,” IEEE IT, 1984.
[12] Arrendondo, Brandon and Jansma, Nicholas,” Performance
Comparison of Elliptic Curve and RSA Digital Signatures,”
Available: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.
1.129.7139&rep=rep1&type=pdf, 28 Apr. 2004.