## Schnorr signature## From CryptoDox, The Online Encyclopedia on Cryptography and Information Security
## Choosing parameters- All users of the signature scheme agree on a group
*G*with generator of prime order in which the discrete log problem is hard. Typically a Schnorr group is used. - All users agree on a cryptographic hash function H.
## Key generation- Choose a private key such that
- The public key is where
## SigningTo sign a message M: - Choose a random such that
- Let
- Let
- Let
The signature is the pair . Note that and ; if a Schnorr group is used and , this means that the signature can fit into 40 bytes. ## Verifying- Let
- Let
If then the signature is verified. Public elements: . Private elements: . ## References- C P Schnoor, Efficient identification and signatures for smart cards, in G Brassard, ed. Advances in Cryptology -- Crypto '89, 239-252, Springer-Verlag, 1990. Lecture Notes in Computer Science, nr 435
- Claus-Peter Schnorr, Efficient Signature Generation by Smart Cards, J. Cryptology 4(3), pp161–174 (1991) (PS).
## External Links |