What has changed in ISO 9796-2 ?

I notice that ISO/IEC 9796-2:2002 has recently been revised by ISO/IEC
9796-2:2002/Amd 1:2008

Anyone has a sketch of the changes ?

François Grieu

Background: ISO 9796-2 is an international standard on a digital
signature scheme with message recovery; it is based based on the RSA
and Rabin cryptosystmems, and some hash function. The scheme has the
nice property that the increase in data size due to the signing
process is kept low (often: the hash size plus 2 bytes), whereas
PKCS#1 signing increases the data size by a modulus size. It inherits
fast signature verification from the underlying RSA and Rabin
ISO/IEC 9796-2:1997 is simple, and widely used in the industry (e.g.
banking, european tachograph smart cards..), but lacks provable
security and indeed has some security concerns should an adversary be
in a position to obtain the signature of many chosen messages. ISO/IEC
9796-2:2002 has introduced new modes with some level of provable
security even in this setup.

Relevant Pages

  • Re: Symantec Gateway Security
    ... I am the QA Manager for the IDS portion of the Symantec Gateway Security ... You can enable or disable each signature. ...
  • RE: "This file may not be safe" messaage after converting db from access 97 to 2003.
    ... You may see the following warning when opening a file, if the macro ... Access cannot open the file due to security restrictions. ... You may also see other similar warnings about your file not being safe. ... The source of the macro and the status of the signature (digital signature: ...
  • Re: Question for the math wizards...
    ... >Well I mean we'd all want a 1-bit signature with a billion bit security. ... My design answered two issues which were making it easy ... to change the key scheme and the primary limit of 125 bit signature. ...
  • Re: Network hardware IPS
    ... > from security companies that fund alot of research into vulndev and they ... > consider their sigs to be company secrets. ... I'm not saying that a very well researched and tested signature ... Security Engineer - Technical Services ...
  • Re: Digital Signature Standards
    ... >>What about the eeeevil DSA subliminal channels? ... One advantage of such schemes is that signature verification is ... Drawback is that big modulus is necessary for long term security, ... Bellare M., Rogaway P. ...