On Rabin-Type Signatures

  • Marc Joye
  • Jean-Jacques Quisquater
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2260)


This paper specializes the signature forgery by Coron, Naccache and Stern (1999) to Rabin-type systems. We present a variation in which the adversary may derive the private keys and thereby forge the signature on any chosen message. Further, we demonstrate that, contrary to the RSA, the use of larger (even) public exponents does not reduce the complexity of the forgery. Finally, we show that our technique is very general and applies to any Rabin-type system designed in a unique factorization domain, including the Williams’ M 3 scheme (1986), the cubic schemes of Loxton et al. (1992) and of Scheidler (1998), and the cyclotomic schemes (1995).


Rabin-type systems digital signatures signature forgeries factorization 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    FIPS 180-1. Secure Hash Standard. Federal Information Processing Standards Publication 180-1, U.S. Department of Commerce, April 1995.Google Scholar
  2. 2.
    IEEE Std 1363-2000. IEEE Standard Specifications for Public-Key Cryptography. IEEE Computer Society, August 29, 2000.Google Scholar
  3. 3.
    ISO/IEC 9796. Information technology-Security techniques-Digital signature scheme giving message recovery, 1991.Google Scholar
  4. 7.
    Henri Cohen. A Course in Computational Algebraic Number Theory, volume 138 of Graduate Texts in Mathematics. Springer-Verlag, 1993.Google Scholar
  5. 8.
    Jean-Sébastien Coron, David Naccache, and Julien P. Stern. On RSA padding. In M. Wiener, editor, Advances in Cryptology — CRYPTO’99, volume 1666 of Lecture Notes in Computer Science, pages 1–18. Springer-Verlag, 1999.Google Scholar
  6. 9.
    Wiebren de Jonge and David Chaum. Attacks on some RSA signatures. In H. C. Williams, editor, Advances in Cryptology — CRYPTO’85, volume 218 of Lecture Notes in Computer Science, pages 18–27, 1986.Google Scholar
  7. 10.
    Marc Girault, Philippe Toffin, and Brigitte Vallée. Computation of approximate L-th root modulo n and application to cryptography. In S. Goldwasser, editor, Advances in Cryptology — CRYPTO’88, volume 403 of Lecture Notes in Computer Science, pages 110–117, 1990.Google Scholar
  8. 11.
    Burton S. Kaliski Jr. A layman’s guide to a subset of ASN.1, BER, and DER. RSA Laboratories Technical Note, RSA Laboratories, November 1993. Available at
  9. 12.
    Donald E. Knuth. The Art of Computer Programming, v. 2. Seminumerical Algorithms. Addison-Wesley, 2nd edition, 1981.Google Scholar
  10. 13.
    Kaoru Kurosawa, Toshiya Itoh, and Masashi Takeuchi. Public key cryptosystem using a reciprocal number with the same intractability as factoring a large number. Cryptologia, 12(4):225–233, 1988.zbMATHCrossRefMathSciNetGoogle Scholar
  11. 14.
    Arjen K. Lenstra. Generating RSA moduli with a predetermined portion. In K. Ohta and D. Pei, editors, Advances in Cryptology — ASIACRYPT’98, volume 1514 of Lecture Notes in Computer Science, pages 1–10. Springer-Verlag, 1998.CrossRefGoogle Scholar
  12. 15.
    Arjen K. Lenstra and Mark S. Manasse. Factoring with two large primes. Mathematics of Computation, 63:785–798, 1994.zbMATHCrossRefMathSciNetGoogle Scholar
  13. 16.
    J. H. Loxton, David S. Khoo, Gregory J. Bird, and Jennifer Seberry. A cubic RSA code equivalent to factorization. Journal of Cryptology, 5(2):139–150, 1992.zbMATHCrossRefMathSciNetGoogle Scholar
  14. 17.
    Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.Google Scholar
  15. 18.
    Peter L. Montgomery. A block Lanczos algorithm for finding dependencies over GF(2). In L. C. Guillou and J.-J. Quisquater, editors, Advances in Cryptology —EUROCRYPT’95, volume 921 of Lecture Notes in Computer Science, pages 106–120, 1995.Google Scholar
  16. 19.
    Michael O. Rabin. Digitized signatures and public-key functions as intractable as factorization. Technical Report LCS/TR-212, M.I.T. Lab. for Computer Science, January 1979.Google Scholar
  17. 20.
    Renate Scheidler. A public-key cryptosystem using purely cubic fields. Journal of Cryptology, 11(2):109–124, 1998.zbMATHCrossRefMathSciNetGoogle Scholar
  18. 21.
    Renate Scheidler and Hugh C. Williams. A public-key cryptosystem utilizing cyclotomic fields. Designs, Codes and Cryptography, 6:117–131, 1995.zbMATHCrossRefMathSciNetGoogle Scholar
  19. 22.
    Joseph H. Silverman. A Friendly Introduction to Number Theory. Prentice-Hall, 1997.Google Scholar
  20. 23.
    Robert D. Silverman and David Naccache. Recent results on signature forgery, April 1999. Available at
  21. 24.
    Hugh C. Williams. A modification of the RSA public-key encryption procedure. IEEE Transactions on Information Theory, IT-26(6):726–729, 1980.CrossRefGoogle Scholar
  22. 25.
    ____ Some public-key crypto-functions as intractable as factorization. In G. R. Blakley and D. Chaum, editors, Advances in Cryptology — Proceedings of CRYPTO ’84, volume 196 of Lecture Notes in Computer Science, pages 66–70. Springer-Verlag, 1986.CrossRefGoogle Scholar
  23. 26.
    ____ Some public-key crypto-functions as intractable as factorization. Cryptologia, 9(3):223–237, 1985. An extended abstract appears in [25].zbMATHCrossRefMathSciNetGoogle Scholar
  24. 27.
    ____ An M 3 public key encryption scheme. In H. C. Williams, editor, Advances in Cryptology — CRYPTO’85, volume 218 of Lecture Notes in Computer Science, pages 358–368. Springer-Verlag, 1986.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Marc Joye
    • 1
  • Jean-Jacques Quisquater
    • 2
  1. 1.Card Security GroupGemplus Card InternationalGémenos CedexFrance
  2. 2.UCL Crypto GroupUniversié catholique de LouvainLouvain-la-NeuveBelgium

Personalised recommendations