The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces
Internal identifier: 000651 (PascalFrancis/Curation)
Authors: Edwin El Mahassni [Australia]; Phong Q. Nguyen [France]; Igor E. Shparlinski [Australia]
Source: Lecture notes in computer science [0302-9743]; 2001.
RBID : Pascal:01-0424509
Abstract
It has recently been proved by Nguyen and Shparlinski that the Digital Signature Algorithm (DSA) is insecure when a few consecutive bits of the random nonces k are known for a reasonably small number of DSA signatures. This result confirmed the efficiency of some heuristic lattice attacks designed and numerically verified by Howgrave-Graham and Smart. Here, we extend the attack to the Nyberg-Rueppel variants of DSA. We use a connection with the hidden number problem introduced by Boneh and Venkatesan and new bounds of exponential sums which might be of independent interest.
pA

| Field | i1 | i2 | Lang | Value |
|---|---|---|---|---|
| A01 | 01 | 1 | | @0 0302-9743 |
| A05 | | | | @2 2146 |
| A08 | 01 | 1 | ENG | @1 The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces |
| A09 | 01 | 1 | ENG | @1 CaLC 2001 : cryptography and lattices : Providence RI, 29-30 March 2001, revised papers |
| A11 | 01 | 1 | | @1 EL MAHASSNI (Edwin) |
| A11 | 02 | 1 | | @1 NGUYEN (Phong Q.) |
| A11 | 03 | 1 | | @1 SHPARLINSKI (Igor E.) |
| A12 | 01 | 1 | | @1 SILVERMAN (Joseph H.) @9 ed. |
| A14 | 01 | | | @1 Department of Computing, Macquarie University @2 NSW 2109 @3 AUS @Z 1 aut. @Z 3 aut. |
| A14 | 02 | | | @1 École Normale Supérieure, Département d'Informatique 45 rue d'Ulm @2 75005 Paris @3 FRA @Z 2 aut. |
| A20 | | | | @1 97-109 |
| A21 | | | | @1 2001 |
| A23 | 01 | | | @0 ENG |
| A26 | 01 | | | @0 3-540-42488-1 |
| A43 | 01 | | | @1 INIST @2 16343 @5 354000097011460090 |
| A44 | | | | @0 0000 @1 © 2001 INIST-CNRS. All rights reserved. |
| A45 | | | | @0 23 ref. |
| A47 | 01 | 1 | | @0 01-0424509 |
| A60 | | | | @1 P @2 C |
| A61 | | | | @0 A |
| A64 | 01 | 1 | | @0 Lecture notes in computer science |
| A66 | 01 | | | @0 DEU |
| A66 | 02 | | | @0 USA |
| C01 | 01 | | ENG | @0 It has recently been proved by Nguyen and Shparlinski that the Digital Signature Algorithm (DSA) is insecure when a few consecutive bits of the random nonces k are known for a reasonably small number of DSA signatures. This result confirmed the efficiency of some heuristic lattice attacks designed and numerically verified by Howgrave-Graham and Smart. Here, we extend the attack to the Nyberg-Rueppel variants of DSA. We use a connection with the hidden number problem introduced by Boneh and Venkatesan and new bounds of exponential sums which might be of independent interest. |
| C02 | 01 | X | | @0 001D04A04E |
| C03 | 01 | X | FRE | @0 Cryptographie @5 04 |
| C03 | 01 | X | ENG | @0 Cryptography @5 04 |
| C03 | 01 | X | SPA | @0 Criptografía @5 04 |
| C03 | 02 | X | FRE | @0 Signature numérique @4 CD @5 96 |
| C03 | 02 | X | ENG | @0 Digital signature @4 CD @5 96 |
| C03 | 03 | X | FRE | @0 Probleme nombre caché @4 CD @5 97 |
| C03 | 03 | X | ENG | @0 Hidden number problem @4 CD @5 97 |
| C03 | 04 | X | FRE | @0 Problème vecteur le plus proche @4 CD @5 98 |
| C03 | 04 | X | ENG | @0 Closest vector problem @4 CD @5 98 |
| C03 | 05 | X | FRE | @0 Somme exponentielle @4 CD @5 99 |
| C03 | 05 | X | ENG | @0 Exponential sum @4 CD @5 99 |
| N21 | | | | @1 295 |

pR

| Field | i1 | i2 | Lang | Value |
|---|---|---|---|---|
| A30 | 01 | 1 | ENG | @1 Cryptography and lattices. International conference @3 Providence RI USA @4 2001-03-29 |
Links toward previous steps (curation, corpus...)
- to stream PascalFrancis, to step Corpus: to go to this record in the Curation step: 005B06
Links to Exploration step
Pascal:01-0424509
The document in XML format
<record><TEI><teiHeader><fileDesc><titleStmt><title xml:lang="en" level="a">The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces</title>
<author><name sortKey="El Mahassni, Edwin" sort="El Mahassni, Edwin" uniqKey="El Mahassni E" first="Edwin" last="El Mahassni">Edwin El Mahassni</name>
<affiliation wicri:level="1"><inist:fA14 i1="01"><s1>Department of Computing, Macquarie University</s1>
<s2>NSW 2109</s2>
<s3>AUS</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</inist:fA14>
<country>Australie</country>
</affiliation>
</author>
<author><name sortKey="Nguyen, Phong Q" sort="Nguyen, Phong Q" uniqKey="Nguyen P" first="Phong Q." last="Nguyen">Phong Q. Nguyen</name>
<affiliation wicri:level="1"><inist:fA14 i1="02"><s1>École Normale Supérieure, Département d'Informatique 45 rue d'Ulm</s1>
<s2>75005 Paris</s2>
<s3>FRA</s3>
<sZ>2 aut.</sZ>
</inist:fA14>
<country>France</country>
</affiliation>
</author>
<author><name sortKey="Shparlinski, Igor E" sort="Shparlinski, Igor E" uniqKey="Shparlinski I" first="Igor E." last="Shparlinski">Igor E. Shparlinski</name>
<affiliation wicri:level="1"><inist:fA14 i1="01"><s1>Department of Computing, Macquarie University</s1>
<s2>NSW 2109</s2>
<s3>AUS</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</inist:fA14>
<country>Australie</country>
</affiliation>
</author>
</titleStmt>
<publicationStmt><idno type="wicri:source">INIST</idno>
<idno type="inist">01-0424509</idno>
<date when="2001">2001</date>
<idno type="stanalyst">PASCAL 01-0424509 INIST</idno>
<idno type="RBID">Pascal:01-0424509</idno>
<idno type="wicri:Area/PascalFrancis/Corpus">005B06</idno>
<idno type="wicri:Area/PascalFrancis/Curation">000651</idno>
</publicationStmt>
<sourceDesc><biblStruct><analytic><title xml:lang="en" level="a">The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces</title>
<author><name sortKey="El Mahassni, Edwin" sort="El Mahassni, Edwin" uniqKey="El Mahassni E" first="Edwin" last="El Mahassni">Edwin El Mahassni</name>
<affiliation wicri:level="1"><inist:fA14 i1="01"><s1>Department of Computing, Macquarie University</s1>
<s2>NSW 2109</s2>
<s3>AUS</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</inist:fA14>
<country>Australie</country>
</affiliation>
</author>
<author><name sortKey="Nguyen, Phong Q" sort="Nguyen, Phong Q" uniqKey="Nguyen P" first="Phong Q." last="Nguyen">Phong Q. Nguyen</name>
<affiliation wicri:level="1"><inist:fA14 i1="02"><s1>École Normale Supérieure, Département d'Informatique 45 rue d'Ulm</s1>
<s2>75005 Paris</s2>
<s3>FRA</s3>
<sZ>2 aut.</sZ>
</inist:fA14>
<country>France</country>
</affiliation>
</author>
<author><name sortKey="Shparlinski, Igor E" sort="Shparlinski, Igor E" uniqKey="Shparlinski I" first="Igor E." last="Shparlinski">Igor E. Shparlinski</name>
<affiliation wicri:level="1"><inist:fA14 i1="01"><s1>Department of Computing, Macquarie University</s1>
<s2>NSW 2109</s2>
<s3>AUS</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</inist:fA14>
<country>Australie</country>
</affiliation>
</author>
</analytic>
<series><title level="j" type="main">Lecture notes in computer science</title>
<idno type="ISSN">0302-9743</idno>
<imprint><date when="2001">2001</date>
</imprint>
</series>
</biblStruct>
</sourceDesc>
<seriesStmt><title level="j" type="main">Lecture notes in computer science</title>
<idno type="ISSN">0302-9743</idno>
</seriesStmt>
</fileDesc>
<profileDesc><textClass><keywords scheme="KwdEn" xml:lang="en"><term>Closest vector problem</term>
<term>Cryptography</term>
<term>Digital signature</term>
<term>Exponential sum</term>
<term>Hidden number problem</term>
</keywords>
<keywords scheme="Pascal" xml:lang="fr"><term>Cryptographie</term>
<term>Signature numérique</term>
<term>Probleme nombre caché</term>
<term>Problème vecteur le plus proche</term>
<term>Somme exponentielle</term>
</keywords>
<keywords scheme="Wicri" type="topic" xml:lang="fr"><term>Cryptographie</term>
</keywords>
</textClass>
</profileDesc>
</teiHeader>
<front><div type="abstract" xml:lang="en">It has recently been proved by Nguyen and Shparlinski that the Digital Signature Algorithm (DSA) is insecure when a few consecutive bits of the random nonces k are known for a reasonably small number of DSA signatures. This result confirmed the efficiency of some heuristic lattice attacks designed and numerically verified by Howgrave-Graham and Smart. Here, we extend the attack to the Nyberg-Rueppel variants of DSA. We use a connection with the hidden number problem introduced by Boneh and Venkatesan and new bounds of exponential sums which might be of independent interest.</div>
</front>
</TEI>
<inist><standard h6="B"><pA><fA01 i1="01" i2="1"><s0>0302-9743</s0>
</fA01>
<fA05><s2>2146</s2>
</fA05>
<fA08 i1="01" i2="1" l="ENG"><s1>The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces</s1>
</fA08>
<fA09 i1="01" i2="1" l="ENG"><s1>CaLC 2001 : cryptography and lattices : Providence RI, 29-30 March 2001, revised papers</s1>
</fA09>
<fA11 i1="01" i2="1"><s1>EL MAHASSNI (Edwin)</s1>
</fA11>
<fA11 i1="02" i2="1"><s1>NGUYEN (Phong Q.)</s1>
</fA11>
<fA11 i1="03" i2="1"><s1>SHPARLINSKI (Igor E.)</s1>
</fA11>
<fA12 i1="01" i2="1"><s1>SILVERMAN (Joseph H.)</s1>
<s9>ed.</s9>
</fA12>
<fA14 i1="01"><s1>Department of Computing, Macquarie University</s1>
<s2>NSW 2109</s2>
<s3>AUS</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</fA14>
<fA14 i1="02"><s1>École Normale Supérieure, Département d'Informatique 45 rue d'Ulm</s1>
<s2>75005 Paris</s2>
<s3>FRA</s3>
<sZ>2 aut.</sZ>
</fA14>
<fA20><s1>97-109</s1>
</fA20>
<fA21><s1>2001</s1>
</fA21>
<fA23 i1="01"><s0>ENG</s0>
</fA23>
<fA26 i1="01"><s0>3-540-42488-1</s0>
</fA26>
<fA43 i1="01"><s1>INIST</s1>
<s2>16343</s2>
<s5>354000097011460090</s5>
</fA43>
<fA44><s0>0000</s0>
<s1>© 2001 INIST-CNRS. All rights reserved.</s1>
</fA44>
<fA45><s0>23 ref.</s0>
</fA45>
<fA47 i1="01" i2="1"><s0>01-0424509</s0>
</fA47>
<fA60><s1>P</s1>
<s2>C</s2>
</fA60>
<fA64 i1="01" i2="1"><s0>Lecture notes in computer science</s0>
</fA64>
<fA66 i1="01"><s0>DEU</s0>
</fA66>
<fA66 i1="02"><s0>USA</s0>
</fA66>
<fC01 i1="01" l="ENG"><s0>It has recently been proved by Nguyen and Shparlinski that the Digital Signature Algorithm (DSA) is insecure when a few consecutive bits of the random nonces k are known for a reasonably small number of DSA signatures. This result confirmed the efficiency of some heuristic lattice attacks designed and numerically verified by Howgrave-Graham and Smart. Here, we extend the attack to the Nyberg-Rueppel variants of DSA. We use a connection with the hidden number problem introduced by Boneh and Venkatesan and new bounds of exponential sums which might be of independent interest.</s0>
</fC01>
<fC02 i1="01" i2="X"><s0>001D04A04E</s0>
</fC02>
<fC03 i1="01" i2="X" l="FRE"><s0>Cryptographie</s0>
<s5>04</s5>
</fC03>
<fC03 i1="01" i2="X" l="ENG"><s0>Cryptography</s0>
<s5>04</s5>
</fC03>
<fC03 i1="01" i2="X" l="SPA"><s0>Criptografía</s0>
<s5>04</s5>
</fC03>
<fC03 i1="02" i2="X" l="FRE"><s0>Signature numérique</s0>
<s4>CD</s4>
<s5>96</s5>
</fC03>
<fC03 i1="02" i2="X" l="ENG"><s0>Digital signature</s0>
<s4>CD</s4>
<s5>96</s5>
</fC03>
<fC03 i1="03" i2="X" l="FRE"><s0>Probleme nombre caché</s0>
<s4>CD</s4>
<s5>97</s5>
</fC03>
<fC03 i1="03" i2="X" l="ENG"><s0>Hidden number problem</s0>
<s4>CD</s4>
<s5>97</s5>
</fC03>
<fC03 i1="04" i2="X" l="FRE"><s0>Problème vecteur le plus proche</s0>
<s4>CD</s4>
<s5>98</s5>
</fC03>
<fC03 i1="04" i2="X" l="ENG"><s0>Closest vector problem</s0>
<s4>CD</s4>
<s5>98</s5>
</fC03>
<fC03 i1="05" i2="X" l="FRE"><s0>Somme exponentielle</s0>
<s4>CD</s4>
<s5>99</s5>
</fC03>
<fC03 i1="05" i2="X" l="ENG"><s0>Exponential sum</s0>
<s4>CD</s4>
<s5>99</s5>
</fC03>
<fN21><s1>295</s1>
</fN21>
</pA>
<pR><fA30 i1="01" i2="1" l="ENG"><s1>Cryptography and lattices. International conference</s1>
<s3>Providence RI USA</s3>
<s4>2001-03-29</s4>
</fA30>
</pR>
</standard>
</inist>
</record>
To manipulate this document under Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Asie/explor/AustralieFrV1/Data/PascalFrancis/Curation
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000651 | SxmlIndent | more
Or
HfdSelect -h $EXPLOR_AREA/Data/PascalFrancis/Curation/biblio.hfd -nk 000651 | SxmlIndent | more
To put a link to this page in the Wicri network
{{Explor lien
|wiki= Wicri/Asie
|area= AustralieFrV1
|flux= PascalFrancis
|étape= Curation
|type= RBID
|clé= Pascal:01-0424509
|texte= The insecurity of Nyberg-Rueppel and other DSA-like Signature schemes with partially known nonces
}}
This area was generated with Dilib version V0.6.33. Data generation: Tue Dec 5 10:43:12 2017. Site generation: Tue Mar 5 14:07:20 2024