Abstract
Digital signature schemes often use domain parameters such as prime numbers or elliptic curves. They can be subject to security threats when they are not treated like public keys. In this paper we formalize the notion of “signature scheme with domain parameter” together with a new adversarial model: the “domain parameter shifting attack”.
We take ECDSA as a case study. We mount a domain parameter shifting attack against ECDSA: an attacker can impersonate an honest signer either by modifying the subgroup generator G or, when the point compression representation is used, by modifying the elliptic curve domain parameters a and b. We further propose a fix for this ECDSA issue.
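As an added illustration (not code from the paper), the following toy ECDSA binds the public key record to a fingerprint of the domain parameters, one way of treating them "like public keys": a signature presented together with a shifted generator G or a changed curve coefficient a is refused before any curve arithmetic runs. The tiny curve, the fingerprint construction and the key-record layout are assumptions made for this example.

```python
import hashlib, secrets

# Toy curve y^2 = x^3 + 2x + 2 over GF(17); G = (5, 1) has prime order 19.
# Constructed for illustration only; it is far too small to be secure.
PARAMS = {"p": 17, "a": 2, "b": 2, "G": (5, 1), "n": 19}
INF = None  # point at infinity

def add(c, p1, p2):
    """Affine addition on y^2 = x^3 + a x + b over GF(p); c holds the domain parameters."""
    if p1 is INF: return p2
    if p2 is INF: return p1
    p, (x1, y1), (x2, y2) = c["p"], p1, p2
    if x1 == x2 and (y1 + y2) % p == 0: return INF
    if p1 == p2: lam = (3 * x1 * x1 + c["a"]) * pow(2 * y1, -1, p)
    else:        lam = (y2 - y1) * pow(x2 - x1, -1, p)
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(c, k, pt):  # double-and-add scalar multiplication
    acc = INF
    while k:
        if k & 1: acc = add(c, acc, pt)
        pt, k = add(c, pt, pt), k >> 1
    return acc

def fingerprint(c):
    """Hash over every domain parameter (p, a, b, G, n); the key record binds to it."""
    return hashlib.sha256(repr(sorted(c.items())).encode()).hexdigest()

def keygen(c):
    d = secrets.randbelow(c["n"] - 1) + 1
    # The public key carries the fingerprint of the parameters it was generated under.
    return d, {"Q": mul(c, d, c["G"]), "params_fp": fingerprint(c)}

def sign(c, d, msg):
    n, e = c["n"], int.from_bytes(hashlib.sha256(msg).digest(), "big") % c["n"]
    while True:
        k = secrets.randbelow(n - 1) + 1
        r = mul(c, k, c["G"])[0] % n
        s = pow(k, -1, n) * (e + d * r) % n if r else 0
        if r and s: return (r, s)

def verify(c, pub, msg, sig):
    """ECDSA verification that first refuses domain parameters not bound to the key."""
    if fingerprint(c) != pub["params_fp"]: return False  # shifted parameters: reject
    n, (r, s) = c["n"], sig
    if not (0 < r < n and 0 < s < n): return False
    w, e = pow(s, -1, n), int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    pt = add(c, mul(c, e * w % n, c["G"]), mul(c, r * w % n, pub["Q"]))
    return pt is not INF and pt[0] % n == r
```

A verifier that instead accepted whatever parameters arrive alongside the signature would skip the fingerprint line, which is exactly the gap the abstract's attack exploits.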
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
Cite this paper
Vaudenay, S. (2004). Digital Signature Schemes with Domain Parameters. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds) Information Security and Privacy. ACISP 2004. Lecture Notes in Computer Science, vol 3108. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-27800-9_17
DOI: https://doi.org/10.1007/978-3-540-27800-9_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22379-5
Online ISBN: 978-3-540-27800-9