Abstract
In this note we exhibit some weaknesses in two key certification schemes. We show how a legitimate user can impersonate any other user in an ElGamal-based certification scheme, even if hashing is applied first. Furthermore, we show how anybody can impersonate users of the modular square root key certification scheme, if no hashing occurs before the certification. This shows that it is essential for this certification scheme to hash a message before signing it.
Additional information
Communicated by Gilles Brassard
Cite this article
Lenstra, A.K., Yacobi, Y. User impersonation in key certification schemes. J. Cryptology 6, 225–232 (1993). https://doi.org/10.1007/BF00203818
DOI: https://doi.org/10.1007/BF00203818