Skip to main content
Download book PDF
View expanded cover

International Conference on the Theory and Applications of Cryptographic Techniques

EUROCRYPT 2000: Advances in Cryptology — EUROCRYPT 2000 pp 70–80Cite as

A Chosen Messages Attack on the ISO/IEC 9796-1 Signature Scheme

Part of the Lecture Notes in Computer Science book series (LNCS,volume 1807)

Abstract

We introduce an attack against the ISO/IEC 9796-1 digital signature scheme using redundancy, taking advantage of the multiplicative property of the RSA and Rabin cryptosystems. The forged signature of 1 message is obtained from the signature of 3 others for any public exponent v. For even v, the modulus is factored from the signature of 4 messages, or just 2 for v = 2. The attacker must select the above messages from a particular message subset, which size grows exponentialy with the public modulus bit size. The attack is computationally inexpensive, and works for any modulus of 16z, 16z ± 1, or 16z ± 2 bits. This prompts the need to revise ISO/IEC 9796-1, or avoid its use in situations where an adversary could obtain the signature of even a few mostly chosen messages.

Download conference paper PDF

References

  1. ISO/IEC 9796:1991. Information technology — Security techniques — Digital signature scheme giving message recovery, 1991. See also http://www.iso.ch/jtc1/sc27/27sd799a.htm#9796.

  2. ISO/IEC 9796-1 Second edition Final Committee Draft. Information technology — Security techniques — Digital signature scheme giving message recovery — Part 1: Mechanisms using redundancy. Circulated as ISO/IEC JTC1/SC27 N2175 (1998).

    Google Scholar 

  3. Guillou, L. C. and Quisquater, J. J. and Walker, M. and Landrock, P. and Shaer, C.: Precautions taken against various potential attacks in ISO/IEC DIS 9796. Advances in Cryptology-EuroCrypt’ 90 (1990) 465–473.

    Google Scholar 

  4. Coron, J. S. and Naccache, D. and Stern, J. P.: A new signature forgery strategy applicable to ISO 9796-1/2, ECASH™, PKCS#1 V2.0, ANSI X9.31, SSL-3.02. Circulated as ISO/IEC JTC1/SC27 N2329 alias WG2 N429 (1999).

    Google Scholar 

  5. Coppersmith, D. and Halevi, S. and Jutla, C.: Some countermeasures against the new forgery strategy (Working Draft). Circulated as ISO/IEC JTC1/SC27 N2362 (1999).

    Google Scholar 

  6. Coppersmith, D. and Halevi, S. and Jutla, C.: ISO 9796-1 and the new forgery strategy (Working Draft) (1999). See http://grouper.ieee.org/groups/1363/contrib.html.

  7. Joye, M. and Quisquater, J.J.: On Rabin-type Signatures (Working Draft) Circulated as ISO/IEC JTC1/SC27/WG2 N449 (1999).

    Google Scholar 

  8. Menezes, A. and van Oorschot, P. and Vanstone, S.: Handbook of Applied Cryptography (1997). CRC Press, ed. See http://cacr.math.uwaterloo.ca/hac/.

Download references

Author information

Authors and Affiliations

  1. Innovatron, 1 rue Danton, 75006, Paris, France

    François Grieu

Authors
  1. François Grieu
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Electrical Engineering - ESAT / COSIC, Katholieke Universiteit Leuven, Kardinaal Mercierlaan 94, B-3001, Heverlee, Belgium

    Bart Preneel

Rights and permissions

Reprints and Permissions

Copyright information

© 2000 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Grieu, F. (2000). A Chosen Messages Attack on the ISO/IEC 9796-1 Signature Scheme. In: Preneel, B. (eds) Advances in Cryptology — EUROCRYPT 2000. EUROCRYPT 2000. Lecture Notes in Computer Science, vol 1807. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45539-6_5

Download citation

  • DOI: https://doi.org/10.1007/3-540-45539-6_5

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-67517-4

  • Online ISBN: 978-3-540-45539-4

  • eBook Packages: Springer Book Archive