, Volume 21, Issue 1, pp 27-51
Date: 05 Sep 2007

Cryptanalysis of ISO/IEC 9796-1

Rent the article at a discount

Rent now

* Final gross prices may vary according to local VAT.

Get Access


We describe two different attacks against the ISO/IEC 9796-1 signature standard for RSA and Rabin. Both attacks consist in an existential forgery under a chosen-message attack: the attacker asks for the signature of some messages of his choice, and is then able to produce the signature of a message that was never signed by the legitimate signer. The first attack is a variant of Desmedt and Odlyzko’s attack and requires a few hundreds of signatures. The second attack is more powerful and requires only three signatures.