On the security of some variants of the RSA signature scheme

  • Markus Michels
  • Markus Stadler
  • Hung -Min Sun
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1485)


We describe adaptive attacks on several variants of the RSA signature scheme by de Jonge and Chaum. Moreover, we show how to break Boyd’s scheme with an adaptive, a directed and a known signature attack. The feasibility of the adaptive attack on Boyd’s scheme is illustrated by a concrete example.


cryptanalysis digital signature schemes RSA variants 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    D. Bleichenbacher, “On the Security of the KMOV Public Key cryptosystem”, LNCS 1294, Proc. Crypto’97, Springer-Verlag, (1997), pp. 235–248.Google Scholar
  2. 2.
    D. Bleichenbacher, W. Bosma, A. Lenstra, “Some remarks on Lucas-based cryptosystems”, LNCS 963, Proc. Crypto’95, Springer-Verlag, (1997), pp. 386–396.Google Scholar
  3. 3.
    D. Bleichenbacher, M. Joye, J.-J. Quisquater,“ A new and optimal chosen-message attack on RSA-type cryptosystems”, LNCS 1334, Proc. Information and Communications Security — ICICS’97, Springer-Verlag, (1997), pp. 302–313.Google Scholar
  4. 4.
    C. Boyd, “Digital Signature and Public Key Cryptosystem in a Prime Order Subgroup of ZZ n*”, LNCS 1334, Proc. ICICS’97, Springer-Verlag, (1997).Google Scholar
  5. 5.
    Communicated by Colin Boyd.Google Scholar
  6. 6.
    D. Chaum, “Security without identification: transaction systems to make big brother obsolete”, Communications of the ACM, 28, 10, October, (1985), pp. 1030–1044.CrossRefGoogle Scholar
  7. 7.
    G.I. Davida, “Chosen signature cryptoanalysis on the RSA (MIT) public key cryptosystem”, Tech. Rep. TR-CS-82-2, Department of Electrical Engineering and Computer Science, University of Wisconsin, Milwaukee, (1982).Google Scholar
  8. 8.
    J.M. DeLaurentis, “A further weakness in the common modulus protocol for the RSA cryptoalgorithm”, Cryptologia, No.8, Vol. 3, (1984), pp. 253–259.MathSciNetGoogle Scholar
  9. 9.
    N. Demytko, “A new elliptic curve based analogue of RSA”, LNCS 768, Proc. Eurocrypt’93, Springer Verlag, (1994), pp. 40–49.Google Scholar
  10. 10.
    H. Dobbertin, A. Bosselaers, B.Preneel, “RIPEMD-160, a strengthened version of RIPEMD”, LNCS 1039, Proc. Fast Software Encryption, Springer-Verlag, (1996), pp. 71–82.Google Scholar
  11. 11.
    S. Goldwasser, S. Micali, R. Rivest, “A digital signature scheme secure against adaptive chosen message attacks”, SIAM Journal on Computing, Vol. 17, No. 2, (1988), pp. 281–308.MATHMathSciNetCrossRefGoogle Scholar
  12. 12.
    J. Hastad, “On using RSA with low exponent in a public key network”, LNCS 218, Proc. Crypto ’85, Springer Verlag, (1986), pp. 404–408.Google Scholar
  13. 13.
    W. de Jonge, D. Chaum, “Some Variations on RSA Signatures & their Security”, LNCS 263, Proc. Crypto ’86, Springer Verlag, (1987), pp. 49–59.Google Scholar
  14. 14.
    K. Kurusawa, U. Maurer, T.Okamoto, S.Vanstone, “New public key schemes based on the ring ZZ n”, LNCS 576, Proc. Crypto’91, Springer Verlag, (1992).Google Scholar
  15. 15.
    A. Lenstra, P. Leyland: LIP — Long Integer Package, 1995.Google Scholar
  16. 16.
    W.Mao, “Cryptanalysis in Prime Order Subgroups in ZZ n*”, manuscript, (1998), available at Scholar
  17. 17.
    W.B. Müller, W. Nöbauer, “Some remarks on public key cryptosystems”, Studia Sci. Math. Hung., Vol. 16, (1981), pp. 71–76.MATHGoogle Scholar
  18. 18.
    J. Pollard, “A Monte Carlo Method for Factorization”, BIT, Vol. 15, (1975), pp. 331–334.MATHMathSciNetCrossRefGoogle Scholar
  19. 19.
    M.O. Rabin, “Digitalized signatures and public-key functions as intractable as factorization”, MIT/LCS/TR-212, MIT Lab. for Computer Science, Cambridge, Mass., (1979).Google Scholar
  20. 20.
    R.L. Rivest, A. Shamir, L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems”, Communications of the ACM, Vol.21, (1978), pp. 120–126.MATHMathSciNetCrossRefGoogle Scholar
  21. 21.
    B. Schoenmakers, “Basic Security of the ecashℳ Payment System”, LNCS, Proc. Computer Security and Industrial Cryptography: State of the Art and Evolution, Springer-Verlag, (1997).Google Scholar
  22. 22.
    H.C. Williams, “A modification of the RSA Public-Key Cryptosystem”, IEEE Trans. in Inform. Theory, IT-26, No. 6, (1980), pp. 726–729.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Markus Michels
    • 1
  • Markus Stadler
    • 1
  • Hung -Min Sun
    • 2
  1. 1.UbilabUBSZurichSwitzerland
  2. 2.Department of Information ManagementChaoYang University of TechnologyTaichung CountyTaiwan

Personalised recommendations