Abstract
We present a new method to forge ElGamal signatures when the public parameters of the system are not chosen properly. Since the attack does not recover the secret key, it shows that forging ElGamal signatures is sometimes easier than solving the underlying discrete logarithm problem.
Copyright information
© 1996 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bleichenbacher, D. (1996). Generating ElGamal Signatures Without Knowing the Secret Key. In: Maurer, U. (eds) Advances in Cryptology — EUROCRYPT ’96. EUROCRYPT 1996. Lecture Notes in Computer Science, vol 1070. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-68339-9_2
DOI: https://doi.org/10.1007/3-540-68339-9_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61186-8
Online ISBN: 978-3-540-68339-1
eBook Packages: Springer Book Archive