The Insecurity of Nyberg-Rueppel and Other DSA-Like Signature Schemes with Partially Known Nonces
- 1.2k Downloads
It has recently been proved by Nguyen and Shparlinski that the Digital Signature Algorithm (DSA) is insecure when a few consecutive bits of the random nonces k are known for a reasonably small number of DSA signatures. This result confirmed the efficiency of some heuristic lattice attacks designed and numerically verified by Howgrave-Graham and Smart. Here, we extend the attack to the Nyberg-Rueppel variants of DSA. We use a connection with the hidden number problem introduced by Boneh and Venkatesan and new bounds of exponential sums which might be of independent interest.
KeywordsDSA Closest Vector Problem Hidden Number Problem Exponential Sums
Unable to display preview. Download preview PDF.
- 1.M. Ajtai, R. Kumar and D. Sivakumar, A sieve algorithm for the shortest lattice vector problem, Proc. 33rd ACM Symp. on Theory of Comput., Crete, Greece, July 6–8, 2001 601–610.Google Scholar
- 3.D. Boneh and R. Venkatesan, Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes, Lect. Notes in Comp. Sci., Springer-Verlag, Berlin, 1109 (1996), 129–142.Google Scholar
- 4.D. Boneh and R. Venkatesan, Rounding in lattices and its cryptographic applications, Proc. 8-rd Annual ACM-SIAM Symp. on Discr. Algorithms, ACM, NY, 1997, 675–681.Google Scholar
- 6.N. A. Howgrave-Graham and N. P. Smart, Lattice attacks on digital signature schemes, Designs, Codes and Cryptography, (to appear).Google Scholar
- 11.R. Lidl and H. Niederreiter, Finite fields, Cambridge University Press, Cambridge, 1997.Google Scholar
- 12.A. J. Menezes, P. C. van Oorschot and S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, Boca Raton, FL, 1996.Google Scholar
- 14.P. Q. Nguyen, The dark side of the hidden number problem: Lattice attacks on DSA, Proc. Workshop on Cryptography and Computational Number Theory, Singapore 1999, Birkhäuser, 2001, 321–330.Google Scholar
- 15.P. Q. Nguyen and I. E. Shparlinski, The insecurity of the Digital Signature Algorithm with partially known nonces, J. of Cryptology, to appear.Google Scholar
- 16.P. Q. Nguyen and J. Stern, The hardness of the hidden subset sum problem and its cryptographic implications, Lect. Notes in Comp. Sci., Springer-Verlag, Berlin, 1666 (1999), 31–46.Google Scholar
- 19.B. Schneier, Applied cryptography, J. Wiley, NY, 1996.Google Scholar
- 22.V. Shoup, Number Theory C++ Library (NTL), Available at http://www.shoup.net/ntl/.