
The Newton channel

Information Hiding (IH 1996)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1174))


Abstract

Simmons asked whether there exists a signature scheme with a broadband covert channel that does not require the sender to compromise the security of her signing key. We answer this question in the affirmative; the ElGamal signature scheme has such a channel. Thus, contrary to popular belief, the design of the DSA does not maximise the covert utility of its signatures, but minimises it. Our construction also shows that many discrete-log-based systems are insecure: they operate in more than one group at a time, and key material may leak through those groups in which discrete log is easy. However, the DSA is not vulnerable in this way.




Editor information

Ross Anderson


© 1996 Springer-Verlag Berlin Heidelberg


Cite this paper

Anderson, R., Vaudenay, S., Preneel, B., Nyberg, K. (1996). The Newton channel. In: Anderson, R. (eds) Information Hiding. IH 1996. Lecture Notes in Computer Science, vol 1174. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-61996-8_38


  • DOI: https://doi.org/10.1007/3-540-61996-8_38


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-61996-3

  • Online ISBN: 978-3-540-49589-5

  • eBook Packages: Springer Book Archive
