Introduction to ECAO/ECAOS
In 1999, NTT developed the digital signature scheme called ECAO (Elliptic Curve Abe-Okamoto signature) based on the elliptic curve discrete logarithm problem, in which the confidence of security was proven mathematically. Subsequently, ECAOS (Elliptic Curve Abe-Okamoto-Suzuki signature) was developed in 2008, which can handle variable length recoverable message, as an improvement of ECAO.
ECAO and ECAOS can mathematically prove the confidence of security under the assumptions that the output of hash functions is random and that the elliptic curve discrete logarithm problem is difficult. Furthermore, since even a short key length guarantees more than enough security, compared to RSA and other ciphers, faster implementation can be achieved.
Specifications for ECAO/ECAOS