A New Signature Protocol Based on RSA and Elgamal Scheme

In this paper, we present a new signature scheme based on factoring and discrete logarithm problems. Derived from a variant of ElG amal signature protocol and the RSA algorithm, this method can be seen as an alternative protocol if known systems are broken.


INTRODUCTION
In 1977, Rivest, Shamir, and Adleman [ 6 ] described the famous RSA algorithm which is based on the presumed difficulty of factoring large integers. In 1985, ElGamal [2] proposed a signature digital protocol that uses the hardness of the discrete logarithm problem [ 5 p.116 , 7 p. 213 , 8 p. 228 ]. Since then, many similar schemes were elaborated and published [1,3 ].
Among them, a new variant was conceived in 2010 by the second author [ 4 ].In this work, we apply a combination of the new variant of Elgamal and RSA algorithm to build a secure digital signature. The efficiency of the method is discussed and its security analyzed.
The paper is organised as follows: In section 2, we describe the basic ElGamal digital signature algorithm and its variant. Section 3 is devoted to our new digital signature method. We end with the conclusion in section 4.
In the paper, we will respect ElGamal work notations [3]. N , Z are respectively the sets of integers and non-negative integers. For every positive integer n , we denote by Z Z n / the finite ring of modular integers and by * ) / ( Z Z n the multiplicative group of its invertible elements. Let a , b , c be three integers. The GCD of a and b is written as ) , ( b a gcd . We write if a is the rest in the division of b by c . The bit length of n is the number of bits in its binary model, with n an integer .We start by presenting the basic ElGamal digital signature algorithm and its variant: Electronic copy available at: https://ssrn.com/abstract=3399476

ELGAMAL SIGNATURE SCHEME
In this section we recall ElGamal signature scheme [2] and its variant [4].

Alice chooses three numbers:
p , a large prime integer.
α , a primitive root of the finite multiplicative group 3. To sign the document m , Alice must solve the problem: (1) where s r, are the unknown variables.
Alice fixes arbitrary r to be k r α = mod p , where k is chosen randomly and invertible modulo 1 − p . Equation (1) is then equivalent to: (2) Since Alice has the secret key x , and as the number k is invertible modulo 1 − p , she calculates the other unknown variable s by (3) 4. Bob can verify the signature by checking if congruence (1) is valid for the variables r and s given by Alice.

VARIANT OF ELGAMAL SIGNATURE SCHEME
We present a variant of ElGamal digital signature system.

DESCRIPTION
In this section, we describe our new digital signature. The protocol is based simultaneously on two hard problems.
We assume first that h is a public secure hash function like SHA1 [ , p , q are three primes.
α , a primitive root of the multiplicative group * ) / ( Z Z p . -Element e is the public exponent in the RSA cryptosystem.
We propose the following protocol: If Alice wants to sign the message M , she must give a solution for the modular equation: mod p , and r , s , t are unknown.
To solve equation (5) , Alice starts by putting: (8) Equation (5)  Then with her RSA private key she solves equations (7) and (8) . The cupel r and s is her signature for the message M .
Bob or anybody can check that the signature is valid by replacing r , s and t in relation (5) .

EXAMPLE
Let us illustrate the method by the following example.

SECURITY ANALYSIS
Now that we have presented the protocol, we will discuss some possible attacks. Assume that Oscar is Alice's opponent.

ATTACK 1:
If the attacker try to imitate the computation made by Alice, he can find r and s , but to find t he needs the value of the private key x to solve equation 4 .

ATTACK 2:
Suppose Oscar is capable to solve the discrete logarithm problem [2]. He cannot calculate r and s from equation (7) and (8) he will be confronted to the factorisation of a large composite modulus [5,8].
ATTACK 3: Suppose Oscar is capable to solve RSA equations (7) and (8) . Oscar cannot get t from equation (9) since x is Alice's secret key. If he tries to get t from equation (4) , he will be stopped by the discrete logarithm problem.

SIGNATURE COMPLEXITY
To sign the message M , Alice must compute the six parameters:

CONCLUSION
In this work, we proposed a new signature protocol that can be an alternative if old systems are broken. Our method is based simultanyously on RSA cryptosystem and DLP.