Abstract
Over the last year or two, a large number of attacks have been found by the authors and others on protocols based on the discrete logarithm problem, such as ElGamal signatures and Diffie-Hellman key exchange. These attacks depend on causing variables to assume values whose discrete logarithms can be calculated, whether by forcing a protocol exchange into a smooth subgroup or by choosing degenerate values directly. We survey these attacks and discuss how to build systems that are robust against them. In the process we elucidate a number of the design decisions behind the US Digital Signature Standard.
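The "smooth subgroup" attack the abstract refers to is easiest to see on Diffie-Hellman over Z_p^*: if p-1 has a small factor m, an attacker in the middle can replace one party's public value with an element h of order m, so that the victim's shared key h^a takes at most m values and a mod m leaks from any key-confirmation message. The example below (added here; it is not code from the paper or its authors) runs that exchange at toy sizes and then applies the two checks the paper's title alludes to: validating the parameters p, q, g, and checking that every received public value lies in the prime-order-q subgroup. The prime q = 1009, the cofactor search, the seeded private keys and the SHA-256 "confirmation tag" are all constructed for illustration; real deployments use large q and an authenticated protocol, but the subgroup check is the same.

```python
"""Subgroup-confinement attack on Diffie-Hellman over Z_p^*, and the
parameter / public-value checks that defeat it.

Added example with toy parameters (q ~ 1000) so every subgroup is small
enough to enumerate; the numbers and the confirmation tag are constructed.
"""
import hashlib
import random


def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def find_params(q: int, m_start: int = 3):
    """Return (p, m) with p = 2*q*m + 1 prime, so p-1 has the small
    cofactor m besides 2 and q.  That small cofactor is what the attacker
    exploits; a careful generator would check or avoid it."""
    m = m_start
    while not is_prime(2 * q * m + 1):
        m += 1
    return 2 * q * m + 1, m


def element_of_order_dividing(p: int, n: int) -> int:
    """Smallest base x >= 2 for which x^((p-1)/n) is non-trivial; the
    result has order dividing n (exactly n when n is prime)."""
    for x in range(2, p):
        h = pow(x, (p - 1) // n, p)
        if h != 1:
            return h
    raise ValueError("no element of order dividing %d" % n)


def element_order(h: int, p: int) -> int:
    """Brute-force multiplicative order; only used on small subgroups."""
    k, acc = 1, h
    while acc != 1:
        acc = acc * h % p
        k += 1
    return k


def validate_params(p: int, q: int, g: int) -> bool:
    """Mind your p's and q's: p, q prime, q | p-1, g of order exactly q."""
    return (is_prime(p) and is_prime(q) and (p - 1) % q == 0
            and 1 < g < p - 1 and pow(g, q, p) == 1)


def validate_public_value(y: int, p: int, q: int) -> bool:
    """Reject 0, 1, p-1 and anything outside the order-q subgroup."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def confirm_tag(key: int) -> bytes:
    """Stand-in for a key-confirmation MAC Alice sends (constructed)."""
    return hashlib.sha256(b"confirm|" + str(key).encode()).digest()


def run_attack(q: int = 1009, seed: int = 1) -> dict:
    """Honest DH between Alice and Bob, then the attacker's substitution."""
    rng = random.Random(seed)
    p, m = find_params(q)
    g = element_of_order_dividing(p, q)   # order q, since q is prime
    a = rng.randrange(1, q)               # Alice's secret exponent
    b = rng.randrange(1, q)               # Bob's secret exponent
    B = pow(g, b, p)                      # Bob's honest public value

    # Attacker in the middle delivers h (small order) to Alice instead of B.
    h = element_of_order_dividing(p, m)
    order_h = element_order(h, p)
    k_alice = pow(h, a, p)                # confined to the subgroup <h>

    # Alice confirms the key; the attacker tries the order_h candidates.
    tag = confirm_tag(k_alice)
    recovered = next(i for i in range(order_h)
                     if confirm_tag(pow(h, i, p)) == tag)
    return {
        "p": p, "m": m, "g": g, "h": h, "order_h": order_h,
        "a": a, "k_alice": k_alice, "a_mod_order": recovered,
        "params_ok": validate_params(p, q, g),
        "honest_B_ok": validate_public_value(B, p, q),
        "h_ok": validate_public_value(h, p, q),
    }


if __name__ == "__main__":
    print(run_attack())
```

The recovered value is a mod ord(h); repeating the substitution with elements of other small orders dividing p-1 and combining by the Chinese remainder theorem is how the full exponent leaks when p-1 is smooth. The single check `pow(y, q, p) == 1` together with the range test stops every such substitution, which is why DSS fixes a prime q and requires the subgroup membership of received values rather than trusting the peer.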
Laboratoire d'Informatique, research group affiliated with the CNRS.
© 1996 Springer-Verlag
About this paper
Cite this paper
Anderson, R., Vaudenay, S. (1996). Minding your p's and q's. In: Kim, K., Matsumoto, T. (eds) Advances in Cryptology — ASIACRYPT '96. ASIACRYPT 1996. Lecture Notes in Computer Science, vol 1163. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0034832
DOI: https://doi.org/10.1007/BFb0034832
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61872-0
Online ISBN: 978-3-540-70707-3