The Insecurity of Nyberg-Rueppel and Other DSA-Like Signature Schemes with Partially Known Nonces
Edwin El Mahassni (5), Phong Q. Nguyen (6) and Igor E. Shparlinski (7)
(5) Department of Computing, Macquarie University, NSW, 2109, Australia
(6) Département d’Informatique, École Normale Supérieure, 45 rue d’Ulm, 75005 Paris, France
(7) Department of Computing, Macquarie University, NSW, 2109, Australia
Abstract
It has recently been proved by Nguyen and Shparlinski that the Digital Signature Algorithm (DSA) is insecure when a few consecutive bits of the random nonces k are known for a reasonably small number of DSA signatures. This result confirmed the efficiency of some heuristic lattice attacks designed and numerically verified by Howgrave-Graham and Smart. Here, we extend the attack to the Nyberg-Rueppel variants of DSA. We use a connection with the hidden number problem introduced by Boneh and Venkatesan and new bounds of exponential sums which might be of independent interest.
Keywords DSA - Closest Vector Problem - Hidden Number Problem - Exponential Sums
Part of this work is an output of the “Turbo-signatures” project, supported by the French Ministry of Research.
Work supported in part by the Australian Research Council.