Abstract:
At CTCrypt 2020 workshop a "short" digital signature scheme was presented. The scheme was made up by three modifications of the scheme described in GOST R 34.10-2012. The security of the "short" signature scheme was considered from the provable security point of view. However no practical variants to attack the scheme were presented, the particular level of bit security was not estimated. In this article we discuss the influence of signature shortening on the security of suggested schemes. Several attacks based on the modifications are presented. Characteristics of the attacks are used to estimate the bit security of the "short" signature scheme.