Finding algorithm: desire RSA's uniqueness and ECDSA's space efficiency

Question

I am asking for help in finding a signature algorithm with the following property:

Given a message m and a private key prikey, the result of signing m with prikey is unique (which is stricter than deterministic). In another word, there is only one signature (or finding another one using prikey is securely hard) that can pass the verification by the public key of prikey.
High space efficiency of storing private key and signature.

ECDSA's space efficiency is satisfying, but the signature is not unique; RSA has uniqueness, but is there any alternative with better space efficiency?

ECDSA signatures can be made to enjoy the uniqueness property you require. See http://crypto.stackexchange.com/questions/851/can-ecdsa-signatures-be-safely-made-deterministic — Barack Obama, Sep 17 '14 at 20:51
I think BLS is (or can be made) unique. Its signatures have half the size of ECDSA signatures. — CodesInChaos, Sep 18 '14 at 09:18

score 0 · Accepted Answer · edited Oct 07 '21 at 07:24

0

Yes! There are verifiably pseudorandom functions or VRFs made out of elliptic curves including EC-VRF, related to ECDSA, and VXEdDSA, related to EdDSA. In addition to getting a unique output for each message, the output is a pseudorandom function of the message, and you get a proof of uniqueness.

More references on VRFs.

edited Oct 07 '21 at 07:24

Community

1

answered Feb 21 '19 at 02:52

Squeamish Ossifrage

48,392
3
116
223

Finding algorithm: desire RSA's uniqueness and ECDSA's space efficiency

1 Answers1