Hidden Collisions on DSS
Abstract:
We explain how to forge public parameters for the Digital Signature Standard with two known messages which always produce the same set of valid signatures (what we call a collision). This attack is thwarted by using the generation algorithm suggested in the specifications of the Standard, so it proves one always needs to check proper generation. We also present a similar attack when using this generation algorithm within a complexity of 2^74, which is better than the birthday attack which seeks collisions on the underlying hash function.

Imagine you want to join a brand new association which offers to provide useful services on the net. To allow electronic payment, this association provides a DSS implementation with public parameters p = 1007386175274283816733054843443587432664299802160928

