AustralieFrV1, PascalFrancis, Curation, bibRecord, 000651

The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces

Identifieur interne : 000651 ( PascalFrancis/Curation ); précédent : 000650; suivant : 000652

The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces

Auteurs : Edwin El Mahassni [Australie] ; Phong Q. Nguyen [France] ; Igor E. Shparlinski [Australie]

Source :

Lecture notes in computer science [ 0302-9743 ] ; 2001.

RBID : Pascal:01-0424509

Descripteurs français

Pascal (Inist)
- Cryptographie, Signature numérique, Probleme nombre caché, Problème vecteur le plus proche, Somme exponentielle.
Wicri :
- topic : Cryptographie.

English descriptors

KwdEn :
- Closest vector problem, Cryptography, Digital signature, Exponential sum, Hidden number problem.

Abstract

It has recently been proved by Nguyen and Shparlinski that the Digital Signature Algorithm (DSA) is insecure when a few consecutive bits of the random nonces k are known for a reasonably small number of DSA signatures. This result confirmed the efficiency of some heuristic lattice attacks designed and numerically verified by Howgrave-Graham and Smart. Here, we extend the attack to the Nyberg-Rueppel variants of DSA. We use a connection with the hidden number problem introduced by Boneh and Venkatesan and new bounds of exponential sums which might be of independent interest.

A01	`01`	`1`		`@0 0302-9743`
A05				`@2 2146`
A08	`01`	`1`	`ENG`	`@1 The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces`
A09	`01`	`1`	`ENG`	`@1 CaLC 2001 : cryptography and lattices : Providence RI, 29-30 March 2001, revised papers`
A11	`01`	`1`		`@1 EL MAHASSNI (Edwin)`
A11	`02`	`1`		`@1 NGUYEN (Phong Q.)`
A11	`03`	`1`		`@1 SHPARLINSKI (Igor E.)`
A12	`01`	`1`		`@1 SILVERMAN (Joseph H.) @9 ed.`
A14	`01`			`@1 Department of Computing, Macquarie University @2 NSW 2109 @3 AUS @Z 1 aut. @Z 3 aut.`
A14	`02`			`@1 École Normale Supérieure, Département d'Informatique 45 rue d'Ulm @2 75005 Paris @3 FRA @Z 2 aut.`
A20				`@1 97-109`
A21				`@1 2001`
A23	`01`			`@0 ENG`
A26	`01`			`@0 3-540-42488-1`
A43	`01`			`@1 INIST @2 16343 @5 354000097011460090`
A44				`@0 0000 @1 © 2001 INIST-CNRS. All rights reserved.`
A45				`@0 23 ref.`
A47	`01`	`1`		`@0 01-0424509`
A60				`@1 P @2 C`
A61				`@0 A`
A64	`01`	`1`		`@0 Lecture notes in computer science`
A66	`01`			`@0 DEU`
A66	`02`			`@0 USA`
C01	`01`		`ENG`	@0 It has recently been proved by Nguyen and Shparlinski that the Digital Signature Algorithm (DSA) is insecure when a few consecutive bits of the random nonces k are known for a reasonably small number of DSA signatures. This result confirmed the efficiency of some heuristic lattice attacks designed and numerically verified by Howgrave-Graham and Smart. Here, we extend the attack to the Nyberg-Rueppel variants of DSA. We use a connection with the hidden number problem introduced by Boneh and Venkatesan and new bounds of exponential sums which might be of independent interest.
C02	`01`	`X`		`@0 001D04A04E`
C03	`01`	`X`	`FRE`	`@0 Cryptographie @5 04`
C03	`01`	`X`	`ENG`	`@0 Cryptography @5 04`
C03	`01`	`X`	`SPA`	`@0 Criptografía @5 04`
C03	`02`	`X`	`FRE`	`@0 Signature numérique @4 CD @5 96`
C03	`02`	`X`	`ENG`	`@0 Digital signature @4 CD @5 96`
C03	`03`	`X`	`FRE`	`@0 Probleme nombre caché @4 CD @5 97`
C03	`03`	`X`	`ENG`	`@0 Hidden number problem @4 CD @5 97`
C03	`04`	`X`	`FRE`	`@0 Problème vecteur le plus proche @4 CD @5 98`
C03	`04`	`X`	`ENG`	`@0 Closest vector problem @4 CD @5 98`
C03	`05`	`X`	`FRE`	`@0 Somme exponentielle @4 CD @5 99`
C03	`05`	`X`	`ENG`	`@0 Exponential sum @4 CD @5 99`
N21				`@1 295`

A30	`01`	`1`	`ENG`	`@1 Cryptography and lattices. International conference @3 Providence RI USA @4 2001-03-29`

Links toward previous steps (curation, corpus...)

to stream PascalFrancis, to step Corpus: Pour aller vers cette notice dans l'étape Curation :005B06

Links to Exploration step

Pascal:01-0424509

Le document en format XML

<record><TEI><teiHeader><fileDesc><titleStmt><title xml:lang="en" level="a">The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces</title>
<author><name sortKey="El Mahassni, Edwin" sort="El Mahassni, Edwin" uniqKey="El Mahassni E" first="Edwin" last="El Mahassni">Edwin El Mahassni</name>
<affiliation wicri:level="1"><inist:fA14 i1="01"><s1>Department of Computing, Macquarie University</s1>
<s2>NSW 2109</s2>
<s3>AUS</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</inist:fA14>
<country>Australie</country>
</affiliation>
</author>
<author><name sortKey="Nguyen, Phong Q" sort="Nguyen, Phong Q" uniqKey="Nguyen P" first="Phong Q." last="Nguyen">Phong Q. Nguyen</name>
<affiliation wicri:level="1"><inist:fA14 i1="02"><s1>École Normale Supérieure, Département d'Informatique 45 rue d'Ulm</s1>
<s2>75005 Paris</s2>
<s3>FRA</s3>
<sZ>2 aut.</sZ>
</inist:fA14>
<country>France</country>
</affiliation>
</author>
<author><name sortKey="Shparlinski, Igor E" sort="Shparlinski, Igor E" uniqKey="Shparlinski I" first="Igor E." last="Shparlinski">Igor E. Shparlinski</name>
<affiliation wicri:level="1"><inist:fA14 i1="01"><s1>Department of Computing, Macquarie University</s1>
<s2>NSW 2109</s2>
<s3>AUS</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</inist:fA14>
<country>Australie</country>
</affiliation>
</author>
</titleStmt>
<publicationStmt><idno type="wicri:source">INIST</idno>
<idno type="inist">01-0424509</idno>
<date when="2001">2001</date>
<idno type="stanalyst">PASCAL 01-0424509 INIST</idno>
<idno type="RBID">Pascal:01-0424509</idno>
<idno type="wicri:Area/PascalFrancis/Corpus">005B06</idno>
<idno type="wicri:Area/PascalFrancis/Curation">000651</idno>
</publicationStmt>
<sourceDesc><biblStruct><analytic><title xml:lang="en" level="a">The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces</title>
<author><name sortKey="El Mahassni, Edwin" sort="El Mahassni, Edwin" uniqKey="El Mahassni E" first="Edwin" last="El Mahassni">Edwin El Mahassni</name>
<affiliation wicri:level="1"><inist:fA14 i1="01"><s1>Department of Computing, Macquarie University</s1>
<s2>NSW 2109</s2>
<s3>AUS</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</inist:fA14>
<country>Australie</country>
</affiliation>
</author>
<author><name sortKey="Nguyen, Phong Q" sort="Nguyen, Phong Q" uniqKey="Nguyen P" first="Phong Q." last="Nguyen">Phong Q. Nguyen</name>
<affiliation wicri:level="1"><inist:fA14 i1="02"><s1>École Normale Supérieure, Département d'Informatique 45 rue d'Ulm</s1>
<s2>75005 Paris</s2>
<s3>FRA</s3>
<sZ>2 aut.</sZ>
</inist:fA14>
<country>France</country>
</affiliation>
</author>
<author><name sortKey="Shparlinski, Igor E" sort="Shparlinski, Igor E" uniqKey="Shparlinski I" first="Igor E." last="Shparlinski">Igor E. Shparlinski</name>
<affiliation wicri:level="1"><inist:fA14 i1="01"><s1>Department of Computing, Macquarie University</s1>
<s2>NSW 2109</s2>
<s3>AUS</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</inist:fA14>
<country>Australie</country>
</affiliation>
</author>
</analytic>
<series><title level="j" type="main">Lecture notes in computer science</title>
<idno type="ISSN">0302-9743</idno>
<imprint><date when="2001">2001</date>
</imprint>
</series>
</biblStruct>
</sourceDesc>
<seriesStmt><title level="j" type="main">Lecture notes in computer science</title>
<idno type="ISSN">0302-9743</idno>
</seriesStmt>
</fileDesc>
<profileDesc><textClass><keywords scheme="KwdEn" xml:lang="en"><term>Closest vector problem</term>
<term>Cryptography</term>
<term>Digital signature</term>
<term>Exponential sum</term>
<term>Hidden number problem</term>
</keywords>
<keywords scheme="Pascal" xml:lang="fr"><term>Cryptographie</term>
<term>Signature numérique</term>
<term>Probleme nombre caché</term>
<term>Problème vecteur le plus proche</term>
<term>Somme exponentielle</term>
</keywords>
<keywords scheme="Wicri" type="topic" xml:lang="fr"><term>Cryptographie</term>
</keywords>
</textClass>
</profileDesc>
</teiHeader>
<front><div type="abstract" xml:lang="en">It has recently been proved by Nguyen and Shparlinski that the Digital Signature Algorithm (DSA) is insecure when a few consecutive bits of the random nonces k are known for a reasonably small number of DSA signatures. This result confirmed the efficiency of some heuristic lattice attacks designed and numerically verified by Howgrave-Graham and Smart. Here, we extend the attack to the Nyberg-Rueppel variants of DSA. We use a connection with the hidden number problem introduced by Boneh and Venkatesan and new bounds of exponential sums which might be of independent interest.</div>
</front>
</TEI>
<inist><standard h6="B"><pA><fA01 i1="01" i2="1"><s0>0302-9743</s0>
</fA01>
<fA05><s2>2146</s2>
</fA05>
<fA08 i1="01" i2="1" l="ENG"><s1>The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces</s1>
</fA08>
<fA09 i1="01" i2="1" l="ENG"><s1>CaLC 2001 : cryptography and lattices : Providence RI, 29-30 March 2001, revised papers</s1>
</fA09>
<fA11 i1="01" i2="1"><s1>EL MAHASSNI (Edwin)</s1>
</fA11>
<fA11 i1="02" i2="1"><s1>NGUYEN (Phong Q.)</s1>
</fA11>
<fA11 i1="03" i2="1"><s1>SHPARLINSKI (Igor E.)</s1>
</fA11>
<fA12 i1="01" i2="1"><s1>SILVERMAN (Joseph H.)</s1>
<s9>ed.</s9>
</fA12>
<fA14 i1="01"><s1>Department of Computing, Macquarie University</s1>
<s2>NSW 2109</s2>
<s3>AUS</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</fA14>
<fA14 i1="02"><s1>École Normale Supérieure, Département d'Informatique 45 rue d'Ulm</s1>
<s2>75005 Paris</s2>
<s3>FRA</s3>
<sZ>2 aut.</sZ>
</fA14>
<fA20><s1>97-109</s1>
</fA20>
<fA21><s1>2001</s1>
</fA21>
<fA23 i1="01"><s0>ENG</s0>
</fA23>
<fA26 i1="01"><s0>3-540-42488-1</s0>
</fA26>
<fA43 i1="01"><s1>INIST</s1>
<s2>16343</s2>
<s5>354000097011460090</s5>
</fA43>
<fA44><s0>0000</s0>
<s1>© 2001 INIST-CNRS. All rights reserved.</s1>
</fA44>
<fA45><s0>23 ref.</s0>
</fA45>
<fA47 i1="01" i2="1"><s0>01-0424509</s0>
</fA47>
<fA60><s1>P</s1>
<s2>C</s2>
</fA60>
<fA61><s0>A</s0>
</fA61>
<fA64 i1="01" i2="1"><s0>Lecture notes in computer science</s0>
</fA64>
<fA66 i1="01"><s0>DEU</s0>
</fA66>
<fA66 i1="02"><s0>USA</s0>
</fA66>
<fC01 i1="01" l="ENG"><s0>It has recently been proved by Nguyen and Shparlinski that the Digital Signature Algorithm (DSA) is insecure when a few consecutive bits of the random nonces k are known for a reasonably small number of DSA signatures. This result confirmed the efficiency of some heuristic lattice attacks designed and numerically verified by Howgrave-Graham and Smart. Here, we extend the attack to the Nyberg-Rueppel variants of DSA. We use a connection with the hidden number problem introduced by Boneh and Venkatesan and new bounds of exponential sums which might be of independent interest.</s0>
</fC01>
<fC02 i1="01" i2="X"><s0>001D04A04E</s0>
</fC02>
<fC03 i1="01" i2="X" l="FRE"><s0>Cryptographie</s0>
<s5>04</s5>
</fC03>
<fC03 i1="01" i2="X" l="ENG"><s0>Cryptography</s0>
<s5>04</s5>
</fC03>
<fC03 i1="01" i2="X" l="SPA"><s0>Criptografía</s0>
<s5>04</s5>
</fC03>
<fC03 i1="02" i2="X" l="FRE"><s0>Signature numérique</s0>
<s4>CD</s4>
<s5>96</s5>
</fC03>
<fC03 i1="02" i2="X" l="ENG"><s0>Digital signature</s0>
<s4>CD</s4>
<s5>96</s5>
</fC03>
<fC03 i1="03" i2="X" l="FRE"><s0>Probleme nombre caché</s0>
<s4>CD</s4>
<s5>97</s5>
</fC03>
<fC03 i1="03" i2="X" l="ENG"><s0>Hidden number problem</s0>
<s4>CD</s4>
<s5>97</s5>
</fC03>
<fC03 i1="04" i2="X" l="FRE"><s0>Problème vecteur le plus proche</s0>
<s4>CD</s4>
<s5>98</s5>
</fC03>
<fC03 i1="04" i2="X" l="ENG"><s0>Closest vector problem</s0>
<s4>CD</s4>
<s5>98</s5>
</fC03>
<fC03 i1="05" i2="X" l="FRE"><s0>Somme exponentielle</s0>
<s4>CD</s4>
<s5>99</s5>
</fC03>
<fC03 i1="05" i2="X" l="ENG"><s0>Exponential sum</s0>
<s4>CD</s4>
<s5>99</s5>
</fC03>
<fN21><s1>295</s1>
</fN21>
</pA>
<pR><fA30 i1="01" i2="1" l="ENG"><s1>Cryptography and lattices. International conference</s1>
<s3>Providence RI USA</s3>
<s4>2001-03-29</s4>
</fA30>
</pR>
</standard>
</inist>
</record>

Pour manipuler ce document sous Unix (Dilib)

EXPLOR_STEP=$WICRI_ROOT/Wicri/Asie/explor/AustralieFrV1/Data/PascalFrancis/Curation

HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000651 | SxmlIndent | more

HfdSelect -h $EXPLOR_AREA/Data/PascalFrancis/Curation/biblio.hfd -nk 000651 | SxmlIndent | more

Pour mettre un lien sur cette page dans le réseau Wicri

{{Explor lien
   |wiki=    Wicri/Asie
   |area=    AustralieFrV1
   |flux=    PascalFrancis
   |étape=   Curation
   |type=    RBID
   |clé=     Pascal:01-0424509
   |texte=   The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces
}}

This area was generated with Dilib version V0.6.33.
Data generation: Tue Dec 5 10:43:12 2017. Site generation: Tue Mar 5 14:07:20 2024

	Serveur d'exploration sur les relations entre la France et l'Australie
	Attention, ce site est en cours de développement ! Attention, site généré par des moyens informatiques à partir de corpus bruts. Les informations ne sont donc pas validées.

Serveur d'exploration sur les relations entre la France et l'Australie

The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces

The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces

Source :

Descripteurs français

English descriptors

Abstract

Links toward previous steps (curation, corpus...)

Links to Exploration step

Le document en format XML

Pour manipuler ce document sous Unix (Dilib)

Pour mettre un lien sur cette page dans le réseau Wicri