Designs, Codes and Cryptography

, Volume 23, Issue 3, pp 283–290 | Cite as

Lattice Attacks on Digital Signature Schemes

  • N. A. Howgrave-Graham
  • N. P. Smart


We describe a lattice attack on the Digital Signature Algorithm (DSA) when used to sign many messages, mi, under the assumption that a proportion of the bits of each of the associated ephemeral keys, yi, can be recovered by alternative techniques.

digital signatures lattices 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    L. Babai, On Lovász lattice reduction and the nearest point problem, Combinatorica, Vol. 6 (1986) pp. 1–13.Google Scholar
  2. 2.
    D. Boneh and G. Durfee, Cryptanalysis of RSA with private key of less than N0.292. Advances in Cryptology, EUROCRYPT' 99 (J. Stern, ed.), volume 1592, Lecture Notes in Computer Science, Springer-Verlag (1999) pp. 1–11.Google Scholar
  3. 3.
    D. Boneh and R. Venkatesan, Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes. Advances in Cryptology, CRYPTO' 96 (N. Koblitz, ed.), volume 1109, Lecture Notes in Computer Science, Springer-Verlag (1996) pp. 129–142.Google Scholar
  4. 4.
    D. Coppersmith, Finding a small root of a bivariate integer equation; factoring with high bits known. Advances in Cryptology, EUROCRYPT' 96 (U. Maurer, ed.), volume 1070, Lecture Notes in Computer Science, Springer-Verlag (1996) pp. 178–189.Google Scholar
  5. 5.
    D. Coppersmith, Small solutions to polynomial equations, and low exponent RSA vulnerabilities, J. of Cryptology, Vol. 10 (1997) pp. 233–260.Google Scholar
  6. 6.
    T. ElGamal, A public-key cryptosystem and a signature scheme based on discrete logarithms, IEEE Trans. Inform. Theory, Vol. 31 (1985) pp. 469–472.Google Scholar
  7. 7.
    N. Howgrave-Graham, Finding small roots of univariate modular equations revisited, Proc. of Cryptography and Coding (Lect. Notes in Comp. Sci., Vol. 1355), Springer-Verlag (1997) pp. 131–142.Google Scholar
  8. 8.
    N. Howgrave-Graham, Computational mathematics inspired by RSA, PhD. Thesis, University of Bath (1999).Google Scholar
  9. 9.
    N. Howgrave-Graham and J-P. Seifert, Extending Wiener's attack in the presence of many decrypting exponents, Secure Networking—CQRE [Secure]' 99, (Lect. Notes in Comp. Sci., Vol. 1740), Springer-Verlag (1999) pp. 153–166.Google Scholar
  10. 10.
    A. K. Lenstra, H. W. Lenstra and L. Lovász, Factoring polynomials with rational coefficients, Math. Ann., Vol. 261 (1982) pp. 515–534.Google Scholar
  11. 11.
    V. Shoup, NTL: A Library for doing Number Theory Scholar

Copyright information

© Kluwer Academic Publishers 2001

Authors and Affiliations

  • N. A. Howgrave-Graham
    • 1
  • N. P. Smart
    • 2
  1. 1.T. J. Watson Research CenterIBMHawthorne
  2. 2.Department of Computer ScienceBristol UniversityBristol

Personalised recommendations