Generating EIGamal Signatures Without Knowing the Secret Key

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1070)


We present a new method to forge ElGamal signatures if the public parameters of the system are not chosen properly. Since the secret key is hereby not found this attack shows that forging ElGamal signatures is sometimes easier than the underlying discrete logarithm problem.


Signature Scheme Discrete Logarithm Problem Chinese Remainder Theorem Valid Signature Public Parameter 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    T. Beth, M. Frisch, and G.J. Simmons (eds). Public-key Cryptography, State of the Art and Future Directions, volume 578 of Lecture Notes in Computer Science. Springer-Verlag, Berlin, 1992.zbMATHGoogle Scholar
  2. 2.
    E. F. Brickell, D. M. Gordon, K. S. McCurley, and D. B. Wilson. Fast exponentiation with precomputation. Advances in Cryptology-EUROCRYPT’ 92, volume 658 of Lecture Notes in Computer Science, pages 200–207, 1993.CrossRefGoogle Scholar
  3. 3.
    E. F. Brickell and K. S. McCurley. An interactive identification scheme based on discrete logarithms and factoring. Journal of Cryptology, 5(1):29–39, 1992.CrossRefzbMATHGoogle Scholar
  4. 4.
    T. El Gamal. A public key cryptosystem and a signature scheme based on discrete logarithms. Advances in Cryptology: Proceedings of CRYPTO’ 94, volume 196 of Lecture Notes in Computer Science, pages 10–18. Springer-Verlag, 1985.Google Scholar
  5. 5.
    D. M. Gordon. Designing and detecting trapdoors for discrete log cryptosystems. Advances in Cryptology—CRYPTO’ 92, volume 740 of Lecture Notes in Computer Science, pages 66–75. Springer-Verlag, 1992.CrossRefGoogle Scholar
  6. 6.
    D. M. Gordon. Discrete logarithms in GF(p) using the number field sieve. SIAM J. Disc. Math., 6(1):124–138, February 1993.CrossRefzbMATHGoogle Scholar
  7. 7.
    G. H. Hardy and E. M. Wright. An introduction to the theory of numbers. Clarendon Press, Oxford, 5th edition, 1979.zbMATHGoogle Scholar
  8. 8.
    L. Harn. Public-key cryptosystem design based on factoring and discrete logarithm. IEE Proc. Comput. Digit. Tech., 141(3):193–195, 1994.CrossRefzbMATHGoogle Scholar
  9. 9.
    P. Horster, M. Michels, and H. Petersen. Generalized ElGamal signatures for one message block. Technical Report TR-94-3, University of Technology Chemnitz-Zwickau, May 1994.Google Scholar
  10. 10.
    P. Horster, M. Michels, and H. Petersen. Meta-ElGamal signature schemes using a composite module. Technical Report TR-94-16-E, University of Technology Chemnitz-Zwickau, November 1994.Google Scholar
  11. 11.
    A. Menezes, M. Qu, and S. Vanstone. Key agreement and the need for authentication. PKS, November 1995.Google Scholar
  12. 12.
    National Institute of Standards and Technology (NIST). FIPS Publication 186: Digital Signature Standard, May 19, 1994.Google Scholar
  13. 13.
    S. C. Pohlig and M. E. Hellman. An improved algorithm for computing logarithms over GF(p) and its cryptographic significance. IEEE Trans. Inform. Theory, IT-24:106–110, January 1978.CrossRefMathSciNetGoogle Scholar
  14. 14.
    R. A. Rueppel, A. K. Lenstra, M. E. Smid, K. S. McCurley, Y. Desmedt, A. Odlyzko, and P. Landrock. Panel discussion: Trapdoor primes and moduli. Advances in Cryptology — EUROCRYPT’ 92, volume 658 of Lecture Notes in Computer Science, pages 194–199. Springer-Verlag, 1993.CrossRefGoogle Scholar
  15. 15.
    S. Saryazdi. An extension to ElGamal public key cryptosystem with a new signature scheme. Communication, Control, and Signal Processing, pages 195–198. Elsevier, 1990.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  1. 1.Institute for Theoretical Computer ScienceETH ZürichZürichSwitzerland

Personalised recommendations