@Article{GMR88,
  author = 	 { Shafi Goldwasser and Silvio Micali and Ronald L. Rivest },
  title = 	 { A digital signature scheme secure against adaptive chosen-message attacks },
  journal = 	 { SIAM J. Computing },
  issn =         { 0097-5397 },                  
  OPTyear = 	 { 1988 },
  OPTmonth = 	 { April },
  date =         { 1988-04 },                  
  volume = 	 { 17 },
  number = 	 { 2 },
  pages = 	 { 281--308 },
  doi =          { 10.1137/0217017 },
  keywords =     { cryptography, digital signatures, factoring, chosen-message attacks,
                   authentication, trap-door permutations, randomization },
  abstract =     {
        We present a digital signature scheme based on the computational difficulty of integer
        factorization.
        \par
        The scheme possesses the novel property of being robust against an adaptive chosen-message
        attack: an adversary who receives signatures for messages of his choice (where each message
        may be chosen in a way that depends on the signatures of previously chosen messages) cannot
        later forge the signature of even a single additional message.  This may be somewhat surprising,
        since in the folklore the properties of having forgery being equivalent to factoring and being
        invulnerable to an adaptive chosen-message attack were considered to be contradictory.
        \par
        More generally, we show how to construct a signature scheme with such properties based on 
        the existence of a ``claw-free'' pair of permutations---a potentially weaker assumption than
        the intractibility of integer factorization.
        \par
        The new scheme is potentially practical: signing and verifying signatures are reasonably
        fast, and signatures are compact.                  
                 },                  
}