The Insecurity of the Digital Signature Algorithm with Partially Known Nonces
- 332 Downloads
Here we present the polynomial-time algorithm of  which recovers theprivate keyof the signer if a small portion of bits of the so-callednoncein the Digital Signature Algorithm modulo a primepis known forsignatures.
Unable to display preview. Download preview PDF.