Rabin signature algorithm

In cryptography, the Rabin signature algorithm is a method of digital signature originally proposed by Michael O. Rabin in 1978.^[1]^[2]^[3]

The Rabin signature algorithm was one of the first digital signature schemes proposed. By introducing the use of hashing as an essential step in signing, it was the first design to meet what is now the modern standard of security against forgery, existential unforgeability under chosen-message attack, assuming suitably scaled parameters.

Rabin signatures resemble RSA signatures with exponent $e=2$ , but this leads to qualitative differences that enable more efficient implementation^[4] and a security guarantee relative to the difficulty of integer factorization,^[2]^[3]^[5] which has not been proven for RSA. However, Rabin signatures have seen relatively little use or standardization outside IEEE P1363^[6] in comparison to RSA signature schemes such as RSASSA-PKCS1-v1_5 and RSASSA-PSS.

^ Rabin, Michael O. (1978). "Digitalized Signatures". In DeMillo, Richard A.; Dobkin, David P.; Jones, Anita K.; Lipton, Richard J. (eds.). Foundations of Secure Computation. New York: Academic Press. pp. 155–168. ISBN 0-12-210350-5.
^ ^a ^b Rabin, Michael O. (January 1979). Digitalized Signatures and Public Key Functions as Intractable as Factorization (PDF) (Technical report). Cambridge, MA, United States: MIT Laboratory for Computer Science. TR-212.
^ ^a ^b Bellare, Mihir; Rogaway, Phillip (May 1996). Maurer, Ueli (ed.). The Exact Security of Digital Signatures—How to Sign with RSA and Rabin. Advances in Cryptology – EUROCRYPT ’96. Lecture Notes in Computer Science. Vol. 1070. Saragossa, Spain: Springer. pp. 399–416. doi:10.1007/3-540-68339-9_34. ISBN 978-3-540-61186-8.
^ Bernstein, Daniel J. (January 31, 2008). RSA signatures and Rabin–Williams signatures: the state of the art (Report). (additional information at https://cr.yp.to/sigs.html)
^ Bernstein, Daniel J. (April 2008). Smart, Nigel (ed.). Proving tight security for Rabin–Williams signatures. Advances in Cryptology – EUROCRYPT 2008. Lecture Notes in Computer Science. Vol. 4965. Istanbul, Turkey: Springer. pp. 70–87. doi:10.1007/978-3-540-78967-3_5. ISBN 978-3-540-78966-6.
^ Cite error: The named reference ieee-1363-2000 was invoked but never defined (see the help page).

[rabin1978digsigs-1] Rabin, Michael O. (1978). "Digitalized Signatures". In DeMillo, Richard A.; Dobkin, David P.; Jones, Anita K.; Lipton, Richard J. (eds.). Foundations of Secure Computation. New York: Academic Press. pp. 155–168. ISBN 0-12-210350-5.

[rabin1979lcs-tr-2] Rabin, Michael O. (January 1979). Digitalized Signatures and Public Key Functions as Intractable as Factorization (PDF) (Technical report). Cambridge, MA, United States: MIT Laboratory for Computer Science. TR-212.

[bellare-rogaway1996exactsigs-3] Bellare, Mihir; Rogaway, Phillip (May 1996). Maurer, Ueli (ed.). The Exact Security of Digital Signatures—How to Sign with RSA and Rabin. Advances in Cryptology – EUROCRYPT ’96. Lecture Notes in Computer Science. Vol. 1070. Saragossa, Spain: Springer. pp. 399–416. doi:10.1007/3-540-68339-9_34. ISBN 978-3-540-61186-8.

[djb2008rwsota-4] Bernstein, Daniel J. (January 31, 2008). RSA signatures and Rabin–Williams signatures: the state of the art (Report). (additional information at https://cr.yp.to/sigs.html)

[djb2008rwtight-5] Bernstein, Daniel J. (April 2008). Smart, Nigel (ed.). Proving tight security for Rabin–Williams signatures. Advances in Cryptology – EUROCRYPT 2008. Lecture Notes in Computer Science. Vol. 4965. Istanbul, Turkey: Springer. pp. 70–87. doi:10.1007/978-3-540-78967-3_5. ISBN 978-3-540-78966-6.

[ieee-1363-2000-6] Cite error: The named reference ieee-1363-2000 was invoked but never defined (see the help page).

[1]

[2]

[3]

[4]

[5]

[6]