Journal of Cryptology

, Volume 21, Issue 1, pp 27–51

Cryptanalysis of ISO/IEC 9796-1

  • D. Coppersmith
  • J. S. Coron
  • F. Grieu
  • S. Halevi
  • C. Jutla
  • D. Naccache
  • J. P. Stern
Article

DOI: 10.1007/s00145-007-9007-5

Cite this article as:
Coppersmith, D., Coron, J.S., Grieu, F. et al. J Cryptol (2008) 21: 27. doi:10.1007/s00145-007-9007-5

Abstract

We describe two different attacks against the ISO/IEC 9796-1 signature standard for RSA and Rabin. Both attacks consist in an existential forgery under a chosen-message attack: the attacker asks for the signature of some messages of his choice, and is then able to produce the signature of a message that was never signed by the legitimate signer. The first attack is a variant of Desmedt and Odlyzko’s attack and requires a few hundreds of signatures. The second attack is more powerful and requires only three signatures.

Keywords

Cryptanalysis ISO/IEC 9796-1 signature standard RSA signatures Rabin signatures Encoding scheme 

Copyright information

© International Association for Cryptologic Research 2007

Authors and Affiliations

  • D. Coppersmith
    • 1
  • J. S. Coron
    • 2
  • F. Grieu
    • 3
  • S. Halevi
    • 4
  • C. Jutla
    • 4
  • D. Naccache
    • 5
  • J. P. Stern
    • 6
  1. 1.IBM T.J. Watson Research CenterYorktown HeightsUSA
  2. 2.University of LuxembourgLuxembourgLuxembourg
  3. 3.SpirtechParisFrance
  4. 4.IBM T.J. Watson Research CenterHawthorneUSA
  5. 5.Ecole normale supérieureParisFrance
  6. 6.Cryptolog International SASParisFrance

Personalised recommendations