Abstract
We introduce an attack against the ISO/IEC 9796-1 digital signature scheme using redundancy, taking advantage of the multiplicative property of the RSA and Rabin cryptosystems. The forged signature of 1 message is obtained from the signatures of 3 others for any public exponent v. For even v, the modulus is factored from the signatures of 4 messages, or just 2 for v = 2. The attacker must select the above messages from a particular message subset, whose size grows exponentially with the public modulus bit size. The attack is computationally inexpensive, and works for any modulus of 16z, 16z ± 1, or 16z ± 2 bits. This prompts the need to revise ISO/IEC 9796-1, or to avoid its use in situations where an adversary could obtain the signatures of even a few mostly chosen messages.
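The two properties the abstract relies on, the multiplicative property (a product of signatures is a valid signature of the product of the messages) and, for v = 2, the Rabin fact that two square roots x, y of the same value with x ≠ ±y reveal a factor of the modulus, can be seen on a toy instance. The example below is added here and is not the paper's code; it uses constructed 10-bit primes and a toy signer with no redundancy check, and it does not reproduce the paper's actual contribution, namely selecting messages whose ISO/IEC 9796-1 encodings stand in such a multiplicative relation.

```python
from math import gcd

# Constructed toy parameters (assumption, NOT secure): primes P, Q with P = Q = 3 mod 4.
P, Q = 1019, 1051
N = P * Q

def crt(rp, rq):
    """Combine a residue mod P and a residue mod Q into one residue mod N."""
    inv_q = pow(Q, P - 2, P)                     # Q^-1 mod P by Fermat (P is prime)
    return (rq + Q * (((rp - rq) * inv_q) % P)) % N

def rabin_roots(c):
    """All four square roots of c modulo N; c must be a square mod P and mod Q."""
    rp = pow(c, (P + 1) // 4, P)                 # works because P = 3 mod 4
    rq = pow(c, (Q + 1) // 4, Q)
    assert rp * rp % P == c % P and rq * rq % Q == c % Q, "c is not a square mod N"
    return sorted({crt(a, b) for a in (rp, P - rp) for b in (rq, Q - rq)})

def sign_toy(m, pick=0):
    """Toy Rabin signer (v = 2): returns the pick-th root of m, with no redundancy check.
    A real signer must verify the message format before extracting a root."""
    return rabin_roots(m)[pick]

def verify_toy(m, s):
    return pow(s, 2, N) == m % N

def factor_from_two_roots(x, y):
    """If x^2 = y^2 (mod N) and x != +-y, then gcd(x - y, N) is a proper factor of N."""
    g = gcd(x - y, N)
    return g if 1 < g < N else None

def demo():
    """Returns the recovered factors (p, q) of N from two legitimate signatures."""
    # Constructed messages, chosen as squares so that they have roots mod N.
    m1, m2 = pow(123, 2, N), pow(456, 2, N)
    s1, s2 = sign_toy(m1), sign_toy(m2)
    assert verify_toy(m1, s1) and verify_toy(m2, s2)
    m3 = m1 * m2 % N
    forged = s1 * s2 % N                         # multiplicative property: a root of m3
    assert verify_toy(m3, forged)
    # A signer whose root choice is unrelated to +-forged leaks the factorization:
    other = next(r for r in rabin_roots(m3) if r not in (forged, N - forged))
    f = factor_from_two_roots(forged, other)
    return tuple(sorted((f, N // f)))

if __name__ == "__main__":
    print(demo())
```

The defensive lesson is the one the abstract draws: with a multiplicative scheme, the redundancy (message format) check is the only thing standing between a few signed messages and a forgery or, for v = 2, the private key.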
© 2000 Springer-Verlag Berlin Heidelberg
Cite this paper
Grieu, F. (2000). A Chosen Messages Attack on the ISO/IEC 9796-1 Signature Scheme. In: Preneel, B. (eds) Advances in Cryptology — EUROCRYPT 2000. EUROCRYPT 2000. Lecture Notes in Computer Science, vol 1807. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45539-6_5
DOI: https://doi.org/10.1007/3-540-45539-6_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67517-4
Online ISBN: 978-3-540-45539-4