Key substitution attacks revisited: Taking into account malicious signers

  • Regular Contribution
  • International Journal of Information Security

Abstract

Given a signature \(s\) for some message \(m\) along with a corresponding public verification key \(y\), in a key substitution attack an attacker derives another verification key \(\overline{y}\)—possibly along with a matching secret key—such that \(s\) is also a valid signature of \(m\) for the verification key \(\overline{y}\). Menezes and Smart have shown that with suitable parameter restrictions DSA and EC-DSA are immune to such attacks. Here, we show that in the presence of a malicious signer, key substitution attacks can be mounted against several signature schemes that are secure in the sense introduced by Menezes and Smart. While for EC-DSA such an attack is feasible, other established signature schemes, including EC-KCDSA, can be shown to be secure in this sense.


References

  1. Baek, J., Kim, K.: Remarks on the Unknown Key-Share Attacks. IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences E83-A(12), 2766–2769 (2000)

  2. Baier, H.: Efficient algorithms for generating elliptic curves over finite fields suitable for use in cryptography. Ph.D. thesis, Technische Universität Darmstadt (2002)

  3. Blake-Wilson, S., Menezes, A.: Unknown key-share attacks on the station-to-station (STS) protocol. In: H. Imai, Y. Zheng (eds.) Public Key Cryptography. Second International Workshop on Practice and Theory in Public Key Cryptography, PKC '99, Lecture Notes in Computer Science, vol. 1560, pp. 154–170. Springer (1999)

  4. Boneh, D., Boyen, X.: Short signatures without random oracles. In: C. Cachin, J. Camenisch (eds.) Advances in Cryptology—EUROCRYPT 2004, Lecture Notes in Computer Science, vol. 3027, pp. 56–73. Springer (2004)

  5. Bosma, W., Cannon, J., Playoust, C.: The Magma Algebra System I: The User Language. Journal of Symbolic Computation 24, 235–265 (1997)

  6. Brickell, E., Pointcheval, D., Vaudenay, S., Yung, M.: Design validations for discrete logarithm based signature schemes. In: H. Imai, Y. Zheng (eds.) Third International Workshop on Practice and Theory in Public Key Cryptosystems, PKC 2000, Lecture Notes in Computer Science, vol. 1751, pp. 276–292. Springer (2000)

  7. Geiselmann, W., Steinwandt, R.: A Key Substitution Attack on SFLASHv3. Journal of Discrete Mathematical Sciences & Cryptography (to appear)

  8. Goldwasser, S., Micali, S., Rivest, R.L.: A “paradoxical” solution to the signature problem. In: Proceedings of the IEEE 25th Annual Symposium on Foundations of Computer Science, pp. 441–448 (1984)

  9. Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing 17, 281–308 (1988)

  10. Hoffstein, J., Howgrave-Graham, N., Pipher, J., Silverman, J.H., Whyte, W.: NTRUSign: Digital Signatures Using the NTRU Lattice. In: M. Joye (ed.) Topics in Cryptology—CT-RSA 2003: The Cryptographers' Track at the RSA Conference 2003, Lecture Notes in Computer Science, vol. 2612, pp. 122–140. Springer-Verlag Heidelberg (2003)

  11. ISO/IEC 15946-1: Information technology—Security techniques—Cryptographic techniques based on elliptic curves—Part 1: General (2002)

  12. ISO/IEC 15946-2: Information technology—Security techniques—Cryptographic techniques based on elliptic curves—Part 2: Digital signatures (2002)

  13. Menezes, A., Smart, N.: Security of signature schemes in a multi-user setting. Designs, Codes and Cryptography 33, 261–274 (2004)

  14. Regulierungsbehörde für Telekommunikation und Post: Bekanntmachung zur elektronischen Signatur nach dem Signaturgesetz und der Signaturverordnung (Übersicht über geeignete Algorithmen) [Notice on electronic signatures under the Signature Act and the Signature Ordinance (overview of suitable algorithms)]. To appear in Bundesanzeiger (2005). At the time of writing available at http://www.regtp.de/imperia/md/content/tech_reg_t/digisign/198.pdf

  15. Rosa, T.: Key-collisions in (EC)DSA: Attacking Non-repudiation. Cryptology ePrint Archive: Report 2002/129 (2002). At the time of writing available at http://eprint.iacr.org/2002/129/

  16. Stern, J., Pointcheval, D., Malone-Lee, J., Smart, N.P.: Flaws in Applying Proof Methodologies to Signature Schemes. In: M. Yung (ed.) Advances in Cryptology—CRYPTO 2002, Lecture Notes in Computer Science, vol. 2442, pp. 93–110. Springer (2002)

  17. Tan, C.H.: Key Substitution Attacks on Some Provably Secure Signature Schemes. IEICE Transactions on Fundamentals E87–A(1), 1–2 (2004)

  18. U.S. Department of Commerce, National Institute of Standards and Technology: FIPS PUB 186-2 Digital Signature Standard (DSS) + Change Notice 1 (October 2001) (2000). At the time of writing available electronically at the URL http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf

  19. Vaudenay, S.: Hidden collisions on DSS. In: N. Koblitz (ed.) Advances in Cryptology—CRYPTO '96, Lecture Notes in Computer Science, vol. 1109, pp. 83–88. Springer (1996)

  20. Vaudenay, S.: The Security of DSA and ECDSA. In: Y. Desmedt (ed.) Public Key Cryptography—PKC 2003: 6th International Workshop on Practice and Theory in Public Key Cryptography, Lecture Notes in Computer Science, vol. 2567, pp. 309–323. Springer-Verlag (2003)

  21. Vaudenay, S.: Digital signature schemes with domain parameters. In: H. Wang, J. Pieprzyk, V. Varadharajan (eds.) Information Security and Privacy: 9th Australasian Conference, ACISP 2004, Lecture Notes in Computer Science, vol. 3108, pp. 188–199. Springer-Verlag (2004)

Author information

Correspondence to Jens-Matthias Bohli.


About this article

Cite this article

Bohli, J.-M., Röhrich, S., Steinwandt, R.: Key substitution attacks revisited: Taking into account malicious signers. Int. J. Inf. Secur. 5, 30–36 (2006). https://doi.org/10.1007/s10207-005-0071-2