A new digital signature scheme which does not use a one-way hash funct
ion is proposed, the security of which is based on the difficulties of
computing discrete logarithms and the performance of which is similar
to those of DSS and RSA. The new scheme can resist both homomorphism
and substitution attacks.