Lattice Attacks on Digital Signature Schemes
We describe a lattice attack on the Digital Signature Algorithm (DSA) when used to sign many messages, $m_i$, under the assumption that a proportion of the bits of each of the associated ephemeral keys, $y_i$, can be recovered by alternative techniques.