### Table 1. Comparison of signature schemes

2004

"... In PAGE 13: ... Signature schemes comparison Examining the specific characteristics of various signature schemes, we can identify a compa- rative advantage of the proposed cumulative notarization scheme in terms of security and usa- bility. The comparison of various schemes presented in Table1 demonstrates that the propo- sed scheme keeps the strong security characteristics of digital signatures, while it addresses the issues of trust and technology refreshing as a whole, resulting in a long lifespan. ... ..."

Cited by 6

### Table 4: Signing and verifying times (ms) of di erent signature schemes.

"... In PAGE 8: ... In the following, a performance comparison between eFFS and four other signature schemes (RSA, DSA, ElGamal and Ra- bin), and the performance of the adjustable and incremental veri cation are presented. Table4 shows the signing and veri cation times for a 16-byte message.6 DSA and ElGa- mal have been designed to achieve e cient signing (e.... In PAGE 9: ... and RSA and Rabin have been designed to achieve e cient veri cation. From Table4 , note that the signing operations of DSA and ElGamal, with times from 3.9 to 18.... ..."

### Table 21: Signing and verifying times (ms) of di erent signature schemes.

"... In PAGE 22: ...Table 21: Signing and verifying times (ms) of di erent signature schemes. Table21 shows the signing and veri cation times for a 16-byte message (digest).15 DSA and ElGamal have been designed to achieve e cient signing (e.... In PAGE 22: ...lGamal have been designed to achieve e cient signing (e.g., for use in smartcard applications), and RSA and Rabin have been designed to achieve e cient veri cation. From Table21 , note that the signing operations of DSA and ElGamal, with times from 3.9 to 18.... ..."

### Table 8: Signing and verifying times (ms) of di erent signature schemes.

"... In PAGE 20: ...Table 8: Signing and verifying times (ms) of di erent signature schemes. Table8 shows the signing and veri cation times for a 16-byte message (digest). DSA and ElGamal have been designed to achieve e cient signing (e.... In PAGE 20: ...lGamal have been designed to achieve e cient signing (e.g., for use in smartcard applications), and RSA and Rabin have been designed to achieve e cient veri cation. From Table8 , note that the signing operations of DSA and ElGamal, with times from 3.9 to 18.... ..."

### Table 1: Shortened and E#0Ecient Digital Signature Schemes

1998

"... In PAGE 7: ...x mod p from r, s, g, p and y a and then check whether hash#28k;m#29 is identical to r. Table1 shows two shortened versions of DSS, which are denoted by SDSS1 and SDSS2 respectively. Here are a few remarks on the table: 1.... In PAGE 36: ...3.2.2 Comparison with Beller-Yacobi Protocol The next protocol we examine is an e#0Ecient proposal by Beller and Yacobi #5B6#5D. Their proto- col is brie#0Dy summarized in Table1 0, using notations consistent with those for signcryption schemes. As is the case for our proposals based on signcryption, here it is assumed too that public key certi#0Ccates have already been transferred prior to an execution of the protocol.... In PAGE 37: ...Bob K 2 R f0; 1g ` k c 1 = K 3 mod n B #29 c 1 #29 Extract K from c 1 by using the decryption key associated with the RSA composite n B Decrypt c 2 and verify the format of the message #28 c 2 #28 Choose a random m c 2 = E K #28m; 0 t #29 Compute ElGamal signature #28v;w#29on#28m; etc#29 c 3 = E K #28v; w; etc#29 #29 c 3 #29 Decrypt c 3 and verify #28v;w#29 Table1 0: Beller-Yacobi Authenticated Key Transport Protocol Protocols Comp. Cost #23 of exp.... In PAGE 37: ... + Only when Alice knows whom to communicate with. Table1 1: Comparison with Beller-Yacobi Protocol... In PAGE 46: ... These signcryption schemes are called ECSCS1 and ECSCS2 respectively. Similarly to elliptic curve signature schemes described in Table1 2, points on an elliptic curve, namely vP a , uP a + urG and uG + urP a , are regarded as binary strings when involved in hashing. The bind info part in the computation of r contains, among other data items, identi#0Ccation information of Bob the recipient such as his public key or public key certi#0Ccate.... In PAGE 47: ... P a : Alice apos;s public key #28P a = v a G, a pointonC#29. Table1 2: Elliptic Curve DSS and Its Shortened and E#0EcientVariants Parameters public to all: C | an elliptic curveover GF #28p m #29, either with p #3E = 2 150 and m =1 or p = 2 and m #3E = 150 #28public to all#29. q | a large prime whose size is approximately of jp m j #28public to all#29.... In PAGE 47: ... P b | Bob apos;s public key #28P b = v b G, a pointonC#29. Table1 3: Parameters for Elliptic Curve Signcryption... In PAGE 48: ... #29 c; r;s #29 u=sv b mod q #28k 1 ;k 2 #29=hash#28uP a + urG#29 if SECDSS1 is used, or #28k 1 ;k 2 #29=hash#28uG + urP a #29 if SECDSS2 is used. m = D k 1 #28c#29 Accept m only if KH k 2 #28m; bind info#29=r Table1 4: Implementations of Signcryption on Elliptic Curves We note that the #5Csquare-and-multiply quot; method for fast exponentiation can be adapted to a #5Cdoubling-and-addition quot; method for the fast computation of a multiple of a pointon an elliptic curve. Namely a multiple can be obtained in about 1:5jqj point additions.... ..."

### Table 12. Signing and verifying times (ms) of different signature schemes.

"... In PAGE 11: ...2. Signing and verification times Table12 shows the signing and verification times for a 16-byte message (digest).14 DSA and ElGamal have been designed to achieve efficient signing (e.... In PAGE 11: ...esigned to achieve efficient signing (e.g., for use in smart- card applications), and RSA and Rabin have been designed to achieve efficient verification. From Table12 , note that the signing operations of DSA and ElGamal, with times 13Such signing keys are indeed too large for small devices, such as smartcards, but it is unlikely that these devices would generate flows. 14We use e=3 in RSA to obtain its fastest verification time without af- fecting its signing time.... ..."

### Table 12. Signing and verifying times (ms) of different signature schemes.

"... In PAGE 11: ...2. Signing and verification times Table12 shows the signing and verification times for a 16-byte message (digest).14 DSA and ElGamal have been designed to achieve efficient signing (e.... In PAGE 11: ...esigned to achieve efficient signing (e.g., for use in smart- card applications), and RSA and Rabin have been designed to achieve efficient verification. From Table12 , note that the signing operations of DSA and ElGamal, with times 13Such signing keys are indeed too large for small devices, such as smartcards, but it is unlikely that these devices would generate flows. 14We use e=3 in RSA to obtain its fastest verification time without af- fecting its signing time.... ..."

### Table 1. Cost of the signature generation phase in the blind threshold signature scheme and that in the underlying blind signature scheme.

"... In PAGE 14: ... We will use as a measure the number of modular exponentiations and that of modular inverses required by a single player during execution of our signature generation protocol. Table1 shows a comparison between the blind threshold signature scheme and its underlying blind signature scheme. In this table, Scheme 1 denotes the blind threshold signature scheme described in Section 4, and Scheme 1* denotes its corresponding underlying blind signature scheme.... ..."

### Table 3.5: The (tail-truncated) distributions for a select group of words. The distributions were learned from a collection of personal emails.

2001

Cited by 2