The Post-quantum Probabilistic Signature Scheme

In this paper, we present a variant of the standard PSS-R (Probabilistic Signature Scheme with message Recovery) signature scheme, called pqPSS. Our scheme is an RSA-based signature scheme but with a random element generated for each signature process. It is proved secure against chosen message attacks in the random oracle model. Its security level is close to that of RSA. For a random of 5 bits, we have epsilon(R) = 0.96875 epsilon(A), where epsilon(R) is the success probability of a reduction algorithm R that can invert RSA by using an attacker A that breaks pqPSS with probability epsilon(A). We have also the success probability of the simulation independent of the number of signing and hashing oracle queries and it is possible to sign and recover a message with a large size while keeping the size of the random salt also large. This new signature scheme is more secure than PSS-R relatively to all known reductions, but it is less efficient. It is also intended to be used to obtain the integrity and authenticity of GOOSE (Generic Object Oriented Substation Event) messages in the same way as other RSA-based signature schemes such as PSS.