Specifies two randomized digital signature schemes giving message recovery. The security of both schemes is based on the difficulty of the discrete logarithm problem. The first scheme is defined on a prime field and the second one on an elliptic curve. Also defines a redundancy scheme using hash-codes and specifies how the basic signature schemes are to be combined with the redundancy scheme. Also defines an optional control field in the hash-token, which can provide added security to the signature.