Advertisement

A New Baby-Step Giant-Step Algorithm and Some Applications to Cryptanalysis

  • Jean Sébastien Coron
  • David Lefranc
  • Guillaume Poupard
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3659)

Abstract

We describe a new variant of the well known Baby-Step Giant-Step algorithm in the case of some discrete logarithms with a special structure. More precisely, we focus on discrete logarithms equal to products in groups of unknown order. As an example of application, we show that this new algorithm enables to cryptanalyse a variant of the GPS scheme proposed by Girault and Lefranc at CHES 2004 conference in which the private key is equal to the product of two sub-private keys of low Hamming weight. We also describe a second attack based on a known variant of the Baby-Step Giant-Step algorithm using the low Hamming weight of the sub-private keys.

Keywords

Baby-Step Giant-Step algorithm discrete logarithm GPS scheme binary trees low Hamming weight 

References

  1. 1.
    Cohen, H.: A Course in Computational Algebraic Number Theory. Graduate Texts in Mathematics, vol. 138. Springer, Heidelberg (1993)MATHGoogle Scholar
  2. 2.
    Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)MATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
  4. 4.
    Girault, M.: Self-Certified Public Keys. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 490–497. Springer, Heidelberg (1991)Google Scholar
  5. 5.
    Girault, M., Lefranc, D.: Public Key Authentication with one Single (on-line) Addition. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 413–427. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Guillou, L.C., Quisquater, J.J.: A Practical Zero-knowledge Protocol Fitted to Security Microprocessor Minimizing both Transmission and Memory. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 123–128. Springer, Heidelberg (1988)Google Scholar
  7. 7.
    Hoffstein, J., Silverman, J.H.: Random Small Hamming Weight Products with Applications to Cryptography. Technical report, NTRU CryptosystemsGoogle Scholar
  8. 8.
    National Institute of Standards and Technologies. Digital Signature Standard (DSS). Federal Information Processing Standards. Publication 186 (November 1994)Google Scholar
  9. 9.
    Odlyzko, A.M.: Discrete Logarithms: The Past and The Future. Designs, Codes, and Cryptography 19(2/3), 129–145 (2000)MATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Okamoto, T., Katsuno, H., Okamoto, E.: A Fast Signature Scheme based on new on-line Computation. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 111–121. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Okamoto, T., Tada, M., Miyaji, A.: An Improved Fast Signature Scheme without on-line Multiplication. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357. Springer, Heidelberg (2003)Google Scholar
  12. 12.
    Pollard, J.M.: Monte Carlo Methods for Index Computations (mod p). Mathematics of Computation 32(143), 918–924 (1978)MATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    Poupard, G., Stern, J.: Security Analysis of a Practical ”on the fly” Authentication and Signature Generation. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 422–436. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  14. 14.
    Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communication of the ACM 21(2), 120–126 (1978)MATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    Schnorr, C.P.: Efficient Identification and Signatures for Smart Cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, Heidelberg (1990)Google Scholar
  16. 16.
    Shoup, V.: Practical Threshold Signatures. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 207–220. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  17. 17.
    Stern, J., Stern, J.P.: Cryptanalysis of the OTM Signature Scheme from FC’02. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 138–148. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  18. 18.
    Stinson, D.R.: Some Baby-Step Giant-Step Algorithms for the Low Hamming Weight Discrete Logarithm Problem. Mathematics of Computation 71(237), 379–391 (2002)MATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Jean Sébastien Coron
    • 1
  • David Lefranc
    • 2
  • Guillaume Poupard
    • 3
  1. 1.Université du LuxembourgLuxembourg
  2. 2.France TélécomCaenFrance
  3. 3.DCSSI Crypto LabParis 07 SPFrance

Personalised recommendations