A Chosen Messages Attack on the ISO/IEC 9796-1 Signature Scheme

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNCS, volume 1807)

Abstract

We introduce an attack against the ISO/IEC 9796-1 digital signature scheme using redundancy, taking advantage of the multiplicative property of the RSA and Rabin cryptosystems. The forged signature of 1 message is obtained from the signature of 3 others for any public exponent v. For even v, the modulus is factored from the signature of 4 messages, or just 2 for v = 2. The attacker must select the above messages from a particular message subset, whose size grows exponentially with the public modulus bit size. The attack is computationally inexpensive, and works for any modulus of 16z, 16z ± 1, or 16z ± 2 bits. This prompts the need to revise ISO/IEC 9796-1, or avoid its use in situations where an adversary could obtain the signature of even a few mostly chosen messages.

Copyright information

© 2000 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Grieu, F. (2000). A Chosen Messages Attack on the ISO/IEC 9796-1 Signature Scheme. In: Preneel, B. (eds) Advances in Cryptology — EUROCRYPT 2000. EUROCRYPT 2000. Lecture Notes in Computer Science, vol 1807. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45539-6_5

  • DOI: https://doi.org/10.1007/3-540-45539-6_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-67517-4

  • Online ISBN: 978-3-540-45539-4

  • eBook Packages: Springer Book Archive
