The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces
Identifieur interne : 00BB47 ( Main/Exploration ); précédent : 00BB46; suivant : 00BB48The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces
Auteurs : Edwin El Mahassni [Australie] ; Phong Q. Nguyen [France] ; Igor E. Shparlinski [Australie]Source :
- Lecture notes in computer science [ 0302-9743 ] ; 2001.
Descripteurs français
- Pascal (Inist)
- Wicri :
- topic : Cryptographie.
English descriptors
- KwdEn :
Abstract
It has recently been proved by Nguyen and Shparlinski that the Digital Signature Algorithm (DSA) is insecure when a few consecutive bits of the random nonces k are known for a reasonably small number of DSA signatures. This result confirmed the efficiency of some heuristic lattice attacks designed and numerically verified by Howgrave-Graham and Smart. Here, we extend the attack to the Nyberg-Rueppel variants of DSA. We use a connection with the hidden number problem introduced by Boneh and Venkatesan and new bounds of exponential sums which might be of independent interest.
Affiliations:
Links toward previous steps (curation, corpus...)
- to stream PascalFrancis, to step Corpus: 005B06
- to stream PascalFrancis, to step Curation: 000651
- to stream PascalFrancis, to step Checkpoint: 005654
- to stream Main, to step Merge: 00C999
- to stream Main, to step Curation: 00BB47
Le document en format XML
<record><TEI><teiHeader><fileDesc><titleStmt><title xml:lang="en" level="a">The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces</title><author><name sortKey="El Mahassni, Edwin" sort="El Mahassni, Edwin" uniqKey="El Mahassni E" first="Edwin" last="El Mahassni">Edwin El Mahassni</name><affiliation wicri:level="1"><inist:fA14 i1="01"><s1>Department of Computing, Macquarie University</s1><s2>NSW 2109</s2><s3>AUS</s3><sZ>1 aut.</sZ><sZ>3 aut.</sZ></inist:fA14><country>Australie</country><wicri:noRegion>NSW 2109</wicri:noRegion></affiliation></author><author><name sortKey="Nguyen, Phong Q" sort="Nguyen, Phong Q" uniqKey="Nguyen P" first="Phong Q." last="Nguyen">Phong Q. Nguyen</name><affiliation wicri:level="1"><inist:fA14 i1="02"><s1>École Normale Supérieure, Département d'Informatique 45 rue d'Ulm</s1><s2>75005 Paris</s2><s3>FRA</s3><sZ>2 aut.</sZ></inist:fA14><country>France</country><wicri:noRegion>75005 Paris</wicri:noRegion><placeName><settlement type="city">Paris</settlement><region type="région" nuts="2">Île-de-France</region></placeName></affiliation></author><author><name sortKey="Shparlinski, Igor E" sort="Shparlinski, Igor E" uniqKey="Shparlinski I" first="Igor E." last="Shparlinski">Igor E. Shparlinski</name><affiliation wicri:level="1"><inist:fA14 i1="01"><s1>Department of Computing, Macquarie University</s1><s2>NSW 2109</s2><s3>AUS</s3><sZ>1 aut.</sZ><sZ>3 aut.</sZ></inist:fA14><country>Australie</country><wicri:noRegion>NSW 2109</wicri:noRegion></affiliation></author></titleStmt><publicationStmt><idno type="wicri:source">INIST</idno><idno type="inist">01-0424509</idno><date when="2001">2001</date><idno type="stanalyst">PASCAL 01-0424509 INIST</idno><idno type="RBID">Pascal:01-0424509</idno><idno type="wicri:Area/PascalFrancis/Corpus">005B06</idno><idno type="wicri:Area/PascalFrancis/Curation">000651</idno><idno type="wicri:Area/PascalFrancis/Checkpoint">005654</idno><idno type="wicri:explorRef" wicri:stream="PascalFrancis" wicri:step="Checkpoint">005654</idno><idno type="wicri:doubleKey">0302-9743:2001:El Mahassni E:the:insecurity:of</idno><idno type="wicri:Area/Main/Merge">00C999</idno><idno type="wicri:Area/Main/Curation">00BB47</idno><idno type="wicri:Area/Main/Exploration">00BB47</idno></publicationStmt><sourceDesc><biblStruct><analytic><title xml:lang="en" level="a">The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces</title><author><name sortKey="El Mahassni, Edwin" sort="El Mahassni, Edwin" uniqKey="El Mahassni E" first="Edwin" last="El Mahassni">Edwin El Mahassni</name><affiliation wicri:level="1"><inist:fA14 i1="01"><s1>Department of Computing, Macquarie University</s1><s2>NSW 2109</s2><s3>AUS</s3><sZ>1 aut.</sZ><sZ>3 aut.</sZ></inist:fA14><country>Australie</country><wicri:noRegion>NSW 2109</wicri:noRegion></affiliation></author><author><name sortKey="Nguyen, Phong Q" sort="Nguyen, Phong Q" uniqKey="Nguyen P" first="Phong Q." last="Nguyen">Phong Q. Nguyen</name><affiliation wicri:level="1"><inist:fA14 i1="02"><s1>École Normale Supérieure, Département d'Informatique 45 rue d'Ulm</s1><s2>75005 Paris</s2><s3>FRA</s3><sZ>2 aut.</sZ></inist:fA14><country>France</country><wicri:noRegion>75005 Paris</wicri:noRegion><placeName><settlement type="city">Paris</settlement><region type="région" nuts="2">Île-de-France</region></placeName></affiliation></author><author><name sortKey="Shparlinski, Igor E" sort="Shparlinski, Igor E" uniqKey="Shparlinski I" first="Igor E." last="Shparlinski">Igor E. Shparlinski</name><affiliation wicri:level="1"><inist:fA14 i1="01"><s1>Department of Computing, Macquarie University</s1><s2>NSW 2109</s2><s3>AUS</s3><sZ>1 aut.</sZ><sZ>3 aut.</sZ></inist:fA14><country>Australie</country><wicri:noRegion>NSW 2109</wicri:noRegion></affiliation></author></analytic><series><title level="j" type="main">Lecture notes in computer science</title><idno type="ISSN">0302-9743</idno><imprint><date when="2001">2001</date></imprint></series></biblStruct></sourceDesc><seriesStmt><title level="j" type="main">Lecture notes in computer science</title><idno type="ISSN">0302-9743</idno></seriesStmt></fileDesc><profileDesc><textClass><keywords scheme="KwdEn" xml:lang="en"><term>Closest vector problem</term><term>Cryptography</term><term>Digital signature</term><term>Exponential sum</term><term>Hidden number problem</term></keywords><keywords scheme="Pascal" xml:lang="fr"><term>Cryptographie</term><term>Signature numérique</term><term>Probleme nombre caché</term><term>Problème vecteur le plus proche</term><term>Somme exponentielle</term></keywords><keywords scheme="Wicri" type="topic" xml:lang="fr"><term>Cryptographie</term></keywords></textClass></profileDesc></teiHeader><front><div type="abstract" xml:lang="en">It has recently been proved by Nguyen and Shparlinski that the Digital Signature Algorithm (DSA) is insecure when a few consecutive bits of the random nonces k are known for a reasonably small number of DSA signatures. This result confirmed the efficiency of some heuristic lattice attacks designed and numerically verified by Howgrave-Graham and Smart. Here, we extend the attack to the Nyberg-Rueppel variants of DSA. We use a connection with the hidden number problem introduced by Boneh and Venkatesan and new bounds of exponential sums which might be of independent interest.</div></front></TEI><affiliations><list><country><li>Australie</li><li>France</li></country><region><li>Île-de-France</li></region><settlement><li>Paris</li></settlement></list><tree><country name="Australie"><noRegion><name sortKey="El Mahassni, Edwin" sort="El Mahassni, Edwin" uniqKey="El Mahassni E" first="Edwin" last="El Mahassni">Edwin El Mahassni</name></noRegion><name sortKey="Shparlinski, Igor E" sort="Shparlinski, Igor E" uniqKey="Shparlinski I" first="Igor E." last="Shparlinski">Igor E. Shparlinski</name></country><country name="France"><region name="Île-de-France"><name sortKey="Nguyen, Phong Q" sort="Nguyen, Phong Q" uniqKey="Nguyen P" first="Phong Q." last="Nguyen">Phong Q. Nguyen</name></region></country></tree></affiliations></record>Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Asie/explor/AustralieFrV1/Data/Main/Exploration
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 00BB47 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/Main/Exploration/biblio.hfd -nk 00BB47 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Wicri/Asie
|area= AustralieFrV1
|flux= Main
|étape= Exploration
|type= RBID
|clé= Pascal:01-0424509
|texte= The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces
}}
| This area was generated with Dilib version V0.6.33. |  |